-
Notifications
You must be signed in to change notification settings - Fork 4.6k
/
boringssl_CVE-2023-0286.patch
46 lines (44 loc) · 1.68 KB
/
boringssl_CVE-2023-0286.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc
index aebc76a92..a1bb39bad 100644
--- a/src/crypto/x509/x509_test.cc
+++ b/src/crypto/x509/x509_test.cc
@@ -3587,6 +3587,8 @@ TEST(X509Test, GeneralName) {
{0x82, 0x01, 0x61},
// [2 PRIMITIVE] { "b" }
{0x82, 0x01, 0x62},
+ // [3] {}
+ {0xa3, 0x00},
// [4] {
// SEQUENCE {
// SET {
diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c
index f313c797d..aafad9396 100644
--- a/src/crypto/x509v3/v3_genn.c
+++ b/src/crypto/x509v3/v3_genn.c
@@ -129,7 +129,7 @@ int GENERAL_NAME_cmp(const GENERAL_NAME *a, const GENERAL_NAME *b) {
switch (a->type) {
case GEN_X400:
- return ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
+ return ASN1_STRING_cmp(a->d.x400Address, b->d.x400Address);
case GEN_EDIPARTY:
return edipartyname_cmp(a->d.ediPartyName, b->d.ediPartyName);
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index 37e1a2273..ff2b1950f 100644
--- a/src/include/openssl/x509v3.h
+++ b/src/include/openssl/x509v3.h
@@ -167,7 +167,7 @@ typedef struct GENERAL_NAME_st {
OTHERNAME *otherName; // otherName
ASN1_IA5STRING *rfc822Name;
ASN1_IA5STRING *dNSName;
- ASN1_TYPE *x400Address;
+ ASN1_STRING *x400Address;
X509_NAME *directoryName;
EDIPARTYNAME *ediPartyName;
ASN1_IA5STRING *uniformResourceIdentifier;
@@ -179,6 +179,5 @@ typedef struct GENERAL_NAME_st {
X509_NAME *dirn; // dirn
ASN1_IA5STRING *ia5; // rfc822Name, dNSName, uniformResourceIdentifier
ASN1_OBJECT *rid; // registeredID
- ASN1_TYPE *other; // x400Address
} d;
} GENERAL_NAME;