Permalink
Browse files

Fix ASN1_TYPE_cmp

Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This
can be triggered during certificate verification so could be a DoS attack
against a client or a server enabling client authentication.

CVE-2015-0286

Reviewed-by: Richard Levitte <levitte@openssl.org>
  • Loading branch information...
snhenson authored and mattcaswell committed Mar 9, 2015
1 parent d3cc5e6 commit e677e8d13595f7b3287f8feef7676feb301b0e8a
Showing with 3 additions and 0 deletions.
  1. +3 −0 crypto/asn1/a_type.c
View
@@ -115,6 +115,9 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
case V_ASN1_OBJECT:
result = OBJ_cmp(a->value.object, b->value.object);
break;
case V_ASN1_BOOLEAN:
result = a->value.boolean - b->value.boolean;
break;
case V_ASN1_NULL:
result = 0; /* They do not have content. */
break;

0 comments on commit e677e8d

Please sign in to comment.