supply proper input buffer to X509_check_host
CVE-2020-7042: use of uninitialized memory in X509_check_host is fixed with this commit.

The uninitialized buffer common_name was passed as an argument to X509_check_host, which prevented proper host name validation when openssl >= 1.0.2 was in use. This came in with #282, which went into openfortivpn 1.7.1. Unfortunately, this problem has stayed unnoticed because the return value was not properly checked either (which is a separate issue, with CVE-2020-7041, and which has been fixed by the previous commit).