[openssl] master update

[Dr . Paul Dale]

The branch master has been updated
       via  485d0790ac1a29a0d4e7391d804810d485890376 (commit)
      from  cc0d1b03a94b71dd9d8ee9aa11ee22fdc3659821 (commit)


- Log -----------------------------------------------------------------
commit 485d0790ac1a29a0d4e7391d804810d485890376
Author: Nikita Ivanov <niva...@cloudlinux.com>
Date:   Tue Sep 7 11:31:17 2021 +0300

    Fix nc_email to check ASN1 strings with NULL byte in the middle
    
    Reviewed-by: Tomas Mraz <to...@openssl.org>
    Reviewed-by: Paul Dale <pa...@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16524)

-----------------------------------------------------------------------

Summary of changes:
 crypto/x509/v3_ncons.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/crypto/x509/v3_ncons.c b/crypto/x509/v3_ncons.c
index dc56fe2c0c..70a7e8304e 100644
--- a/crypto/x509/v3_ncons.c
+++ b/crypto/x509/v3_ncons.c
@@ -714,6 +714,9 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING 
*base)
         if (baseat != baseptr) {
             if ((baseat - baseptr) != (emlat - emlptr))
                 return X509_V_ERR_PERMITTED_VIOLATION;
+            if (memchr(baseptr, 0, baseat - baseptr) ||
+                memchr(emlptr, 0, emlat - emlptr))
+                return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
             /* Case sensitive match of local part */
             if (strncmp(baseptr, emlptr, emlat - emlptr))
                 return X509_V_ERR_PERMITTED_VIOLATION;