From 108164cf95d9594884c2dcccba2691335e6f221b Mon Sep 17 00:00:00 2001 From: Gordon Tetlow Date: Tue, 3 Sep 2024 20:56:17 -0700 Subject: openssl: Import OpenSSL 3.0.15. This release incorporates the following bug fixes and mitigations: - Fixed possible denial of service in X.509 name checks ([CVE-2024-6119]) - Fixed possible buffer overread in SSL_select_next_proto() ([CVE-2024-5535]) Release notes can be found at: https://openssl-library.org/news/openssl-3.0-notes/index.html
---
crypto/x509/x_name.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'crypto/x509/x_name.c')
diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c
index 944eb9992486..eded80246df9 100644
--- a/crypto/x509/x_name.c
+++ b/crypto/x509/x_name.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -476,8 +476,8 @@ static int i2d_name_canon(const STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname,
 v = sk_ASN1_VALUE_value(intname, i);
 ltmp = ASN1_item_ex_i2d(&v, in,
 ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1);
- if (ltmp < 0)
- return ltmp;
+ if (ltmp < 0 || len > INT_MAX - ltmp)
+ return -1;
 len += ltmp;
 }
 return len;
-- cgit v1.2.3
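Review bot: The new guard in the second hunk, `if (ltmp < 0 || len > INT_MAX - ltmp)`, is safe only because the `ltmp < 0` test short-circuits first, so `INT_MAX - ltmp` cannot itself overflow. That ordering should be pinned with a comment such as `/* ltmp >= 0 here, so INT_MAX - ltmp cannot overflow; reject totals that do not fit in int */`. The error path now returns a fixed -1 where it used to return ltmp, so any caller that inspects the exact negative value rather than testing `< 0` would see a change; the callers are not visible here and should be checked. `INT_MAX` also needs `<limits.h>` to be reachable from this file, which the hunk does not show. The enclosing loop and the rest of i2d_name_canon lie outside the hunk.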