Branch: refs/heads/OpenSSL_1_1_1-stable
Home: https://github.openssl.org/openssl/openssl
Commit: a1d80edcf830739131e0567dc03b1e80b7988b1e
https://github.openssl.org/openssl/openssl/commit/a1d80edcf830739131e0567dc03b1e80b7988b1e
Author: Matt Caswell <[email protected]>
Date: 2022-07-05 (Tue, 05 Jul 2022)
Changed paths:
M crypto/x509v3/v3_addr.c
M test/v3ext.c
Log Message:
-----------
Fix range_should_be_prefix() to actually return the correct result
range_should_be_prefix() was misidentifying whether an IP address range
should in fact be represented as a prefix. This was due to a bug introduced
in commit 42d7d7dd which made this incorrect change:
- OPENSSL_assert(memcmp(min, max, length) <= 0);
+ if (memcmp(min, max, length) <= 0)
+ return -1;
This error leads to incorrect DER being encoded/accepted.
Reported by Theo Buehler (@botovq)
Reviewed-by: Paul Dale <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/18524)
(cherry picked from commit 30532e59f475e0066c030693e4d614311a9e0cae)
(cherry picked from commit 2c6550c6db9b1b69dc24f968b4ceb534edcf4841)
