The branch stable/11 has been updated by jkim: URL: https://cgit.FreeBSD.org/src/commit/?id=2dcaecea30c0258d0541aaf434df95d143d07c06
commit 2dcaecea30c0258d0541aaf434df95d143d07c06 Author: Jung-uk Kim <[email protected]> AuthorDate: 2021-02-18 17:46:10 +0000 Commit: Jung-uk Kim <[email protected]> CommitDate: 2021-02-18 17:46:10 +0000 OpenSSL: Fix Null pointer deref in X509_issuer_and_serial_hash() Note it is backported from OpenSSL 1.1.1j to fix CVE-2021-23841. https://github.com/openssl/openssl/commit/122a19ab48091c657f7cb1fb3af9fc07bd557bbf --- crypto/openssl/crypto/x509/x509_cmp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/openssl/crypto/x509/x509_cmp.c b/crypto/openssl/crypto/x509/x509_cmp.c index a7b90e6a42f5..62868f0c9c2e 100644 --- a/crypto/openssl/crypto/x509/x509_cmp.c +++ b/crypto/openssl/crypto/x509/x509_cmp.c @@ -87,6 +87,8 @@ unsigned long X509_issuer_and_serial_hash(X509 *a) EVP_MD_CTX_init(&ctx); f = X509_NAME_oneline(a->cert_info->issuer, NULL, 0); + if (f == NULL) + goto err; if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL)) goto err; if (!EVP_DigestUpdate(&ctx, (unsigned char *)f, strlen(f))) _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all To unsubscribe, send any mail to "[email protected]"
