Skip to content

backport X509_VERIFY_PARAM_get0(): add check to defend on out-of-bound table access #28404

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

backport X509_VERIFY_PARAM_get0(): add check to defend on out-of-bound table access #28404

wants to merge 1 commit into from

Conversation

DDvO
Copy link
Contributor

@DDvO DDvO commented Sep 1, 2025

This backports #28370 to 3.4 etc.

@DDvO DDvO added approval: review pending This pull request needs review by a committer triaged: bug The issue/pr is/fixes a bug branch: 3.0 Merge to openssl-3.0 branch tests: exempted The PR is exempt from requirements for testing branch: 3.2 Merge to openssl-3.2 branch: 3.3 Merge to openssl-3.3 branch: 3.4 Merge to openssl-3.4 labels Sep 1, 2025
@mattcaswell mattcaswell added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Sep 2, 2025
@openssl-machine openssl-machine added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels Sep 3, 2025
@openssl-machine
Copy link
Collaborator

This pull request is ready to merge

openssl-machine pushed a commit that referenced this pull request Sep 3, 2025
@DDvO
X509_VERIFY_PARAM_get0(): add check to defend on out-of-bound table a…
4ed6cfc 
…ccess

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from #28404)
openssl-machine pushed a commit that referenced this pull request Sep 3, 2025
@DDvO
X509_VERIFY_PARAM_get0(): add check to defend on out-of-bound table a…
89ce0ef 
…ccess

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from #28404)

(cherry picked from commit 4ed6cfc)
openssl-machine pushed a commit that referenced this pull request Sep 3, 2025
@DDvO
X509_VERIFY_PARAM_get0(): add check to defend on out-of-bound table a…
3205daf 
…ccess

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from #28404)

(cherry picked from commit 4ed6cfc)
openssl-machine pushed a commit that referenced this pull request Sep 3, 2025
@DDvO
X509_VERIFY_PARAM_get0(): add check to defend on out-of-bound table a…
2e0e517 
…ccess

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from #28404)

(cherry picked from commit 4ed6cfc)
@DDvO
Copy link
Contributor Author

DDvO commented Sep 3, 2025

Merged as planned to 3.4, 3.3, 3.2 and 3.0 - thanks for the swift approvals

@DDvO DDvO closed this Sep 3, 2025
eclipse-oniro-oh-bot pushed a commit to eclipse-oniro-mirrors/third_party_openssl that referenced this pull request Sep 12, 2025
@DDvO
X509_VERIFY_PARAM_get0(): add check to defend on out-of-bound table a…
302d77b 
…ccess

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from openssl/openssl#28404)

(cherry picked from commit 4ed6cfce586f7a78c0e7e3d314c2b785ac16f1a9)
Signed-off-by: jing-wang177 <wangjing561@huawei.com>
eclipse-oniro-oh-bot pushed a commit to eclipse-oniro-mirrors/third_party_openssl that referenced this pull request Oct 1, 2025
@DDvO
X509_VERIFY_PARAM_get0(): add check to defend on out-of-bound table a…
ba019b6 
…ccess

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from openssl/openssl#28404)

(cherry picked from commit 4ed6cfce586f7a78c0e7e3d314c2b785ac16f1a9)
Signed-off-by: jing-wang177 <wangjing561@huawei.com>
eclipse-oniro-oh-bot pushed a commit to eclipse-oniro-mirrors/third_party_openssl that referenced this pull request Oct 1, 2025
@DDvO
X509_VERIFY_PARAM_get0(): add check to defend on out-of-bound table a…
a015d3b 
…ccess

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from openssl/openssl#28404)

(cherry picked from commit 4ed6cfce586f7a78c0e7e3d314c2b785ac16f1a9)
Signed-off-by: jing-wang177 <wangjing561@huawei.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@t8m t8m t8m approved these changes

@mattcaswell mattcaswell mattcaswell approved these changes

Assignees
No one assigned
Labels
approval: ready to merge The 24 hour grace period has passed, ready to merge branch: 3.0 Merge to openssl-3.0 branch branch: 3.2 Merge to openssl-3.2 branch: 3.3 Merge to openssl-3.3 branch: 3.4 Merge to openssl-3.4 tests: exempted The PR is exempt from requirements for testing triaged: bug The issue/pr is/fixes a bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@DDvO @openssl-machine @t8m @mattcaswell