authorDr. Stephen Henson <steve@openssl.org>2015-03-09 23:11:45 +0000
committerWolfgang Wiedmeyer <wolfgit@wiedmeyer.de>2015-10-22 01:01:12 +0200
commitad943c8df0520cc314ac5c875306ccf01c0747c9 (patch)
tree40372b3286602d9bef15b7285ae750f1b716b48a
parent843e826def0aa23258690c39aa03fc2862516842 (diff)
Fix ASN1_TYPE_cmp
Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This can be triggered during certificate verification so could be a DoS attack against a client or a server enabling client authentication. CVE-2015-0286 Reviewed-by: Richard Levitte <levitte@openssl.org>
-rw-r--r--crypto/asn1/a_type.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c
index a45d2f9..7c4fa4d 100644
--- a/crypto/asn1/a_type.c
+++ b/crypto/asn1/a_type.c
@@ -124,6 +124,9 @@ int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b)
case V_ASN1_OBJECT:
result = OBJ_cmp(a->value.object, b->value.object);
break;
+ case V_ASN1_BOOLEAN:
+ result = a->value.boolean - b->value.boolean;
+ break;
case V_ASN1_NULL:
result = 0; /* They do not have content. */
break;
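Review bot: The added `case V_ASN1_BOOLEAN:` has no comment recording why a boolean needs its own branch, so a later cleanup could fold it back into the generic path and reintroduce the crash. Presumably the default branch, which lies outside this hunk, treats the union member as a pointer while `value.boolean` is held by value; if that is confirmed, a comment such as `/* boolean is stored by value, not as a pointer: must not reach the default case */` would record it. The subtraction is only safe while both fields hold small values, so `result = (a->value.boolean != b->value.boolean);` would remove that dependence, provided callers only test the result against zero, which the hunk does not show. The commit changes only a_type.c, so a regression test comparing two boolean ASN1_TYPE values would pin the fix for CVE-2015-0286.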