Google Git
Sign in
boringssl / boringssl / refs/heads/grpc-202302
commit6195bf8242156c9a2fa75702eee058f91b86a88b[log] [tgz]
authorDavid Benjamin <davidben@google.com>Tue Jan 31 13:36:55 2023 -0500
committerDavid Benjamin <davidben@google.com>Fri Feb 10 19:05:04 2023 +0000
tree788ade99f95fb9f827a2970aff79956f8e06ffbb
parentb9232f9e27e5668bc0414879dcdedb2a59ea75f2 [diff]
Fix the type of x400Address in GENERAL_NAME

This fixes CVE-2023-0286.

The main impact is that GENERAL_NAME_cmp, when given x400Addresses, can
interpret a pointer with the wrong type. Applications that set
X509_V_FLAG_CRL_CHECK and take CRLs from untrusted sources should take
this patch.

Change-Id: Ib76265fa098df3cb0db075646773c14d59d0ca75
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/56985
Commit-Queue: Bob Beck <bbe@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
(cherry picked from commit f219ae96bef5be04e78ddb5b5226ccb6439bd3ed)
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/57165
3 files changed
tree: 788ade99f95fb9f827a2970aff79956f8e06ffbb
  1. .github/
  2. ios-aarch64/
  3. ios-arm/
  4. linux-aarch64/
  5. linux-arm/
  6. linux-ppc64le/
  7. linux-x86/
  8. linux-x86_64/
  9. mac-x86/
  10. mac-x86_64/
  11. src/
  12. win-aarch64/
  13. win-x86/
  14. win-x86_64/
  15. BUILD
  16. BUILD.generated.bzl
  17. BUILD.generated_tests.bzl
  18. CMakeLists.txt
  19. crypto_test_data.cc
  20. err_data.c
  21. LICENSE
  22. sources.json
  23. WORKSPACE