testing/openssl
SHA256
3
0
Fork 0
forked from pool/openssl
Code Pull Requests Activity
42aa3a9eb7
openssl/openssl-CVE-2015-0286.patch
Dominique Leuenberger 42aa3a9eb7 Accepting request 291607 from Base:System 
- security update:
 * CVE-2015-0209 (bnc#919648)
   - Fix a failure to NULL a pointer freed on error
 * CVE-2015-0286 (bnc#922496)
   - Segmentation fault in ASN1_TYPE_cmp
 * CVE-2015-0287 (bnc#922499)
   - ASN.1 structure reuse memory corruption
 * CVE-2015-0288 x509: (bnc#920236)
   - added missing public key is not NULL check
 * CVE-2015-0289 (bnc#922500)
   - PKCS7 NULL pointer dereferences
 * CVE-2015-0293 (bnc#922488)
   - Fix reachable assert in SSLv2 servers
 * added patches:
   openssl-CVE-2015-0209.patch
   openssl-CVE-2015-0286.patch
   openssl-CVE-2015-0287.patch
   openssl-CVE-2015-0288.patch
   openssl-CVE-2015-0289.patch
   openssl-CVE-2015-0293.patch (forwarded request 291606 from vitezslav_cizek)

OBS-URL: https://build.opensuse.org/request/show/291607
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=126
2015-03-23 11:16:06 +00:00

29 lines
1.0 KiB
Diff
Raw Blame History

commit ee5a1253285e5c9f406c8b57b0686319b70c07d8
Author: Dr. Stephen Henson <steve@openssl.org>
Date: Mon Mar 9 23:11:45 2015 +0000
Fix ASN1_TYPE_cmp
Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This
can be triggered during certificate verification so could be a DoS attack
against a client or a server enabling client authentication.
CVE-2015-0286
Reviewed-by: Richard Levitte <levitte@openssl.org>
Index: openssl-1.0.1i/crypto/asn1/a_type.c
===================================================================
--- openssl-1.0.1i.orig/crypto/asn1/a_type.c 2015-03-17 14:15:18.832332902 +0100
+++ openssl-1.0.1i/crypto/asn1/a_type.c 2015-03-17 14:15:19.738346161 +0100
@@ -124,6 +124,9 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, co
case V_ASN1_OBJECT:
result = OBJ_cmp(a->value.object, b->value.object);
break;
+ case V_ASN1_BOOLEAN:
+ result = a->value.boolean - b->value.boolean;
+ break;
case V_ASN1_NULL:
result = 0; /* They do not have content. */
break;
View Git Blame Copy Permalink