CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/05/17 22:24:01
Modified files:
lib/libcrypto/x509: x509_addr.c
Log message:
x509_addr: do not call memcmp() on NULL

If the minimum length is 0, either a->data or b->data could be NULL, so
do not call memcmp() and let the length comparison decide. Doing it this
way preserves the RFC 3779, section 2.2.3.3 semantics and avoids the UB.

A valid IPAddressFamily has an addressFamily element of 2 or 3 octets:
2 octets for the AFI and 1 octet for the optional SAFI. The check as
it is written compares the AFIs and, if they're equal, lets absent SAFI
be smaller than any other SAFI. So IPv4 (0x0001) sorts before IPv4
unicast (0x000101) and that in turn sorts before IPv6 (0x0002).

Found by beck while breaking OpenSSL

ok kenjiro
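
The ordering and the zero-length guard described in the log message, as an added example that is not the libcrypto code. `struct af_octets`, `af_cmp` and `af_sort_demo` are hypothetical names, and the byte strings are constructed sample values.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an addressFamily OCTET STRING; not the libcrypto type. */
struct af_octets {
	const unsigned char *data;	/* may be NULL when length is 0 */
	size_t length;
};

/* Compare the common prefix, then let the shorter value sort first. */
int af_cmp(const struct af_octets *a, const struct af_octets *b)
{
	size_t len = a->length < b->length ? a->length : b->length;
	int cmp;

	/* With len == 0 either pointer may be NULL: skip memcmp() entirely. */
	if (len > 0 && (cmp = memcmp(a->data, b->data, len)) != 0)
		return cmp < 0 ? -1 : 1;
	return (a->length > b->length) - (a->length < b->length);
}

static int af_cmp_qsort(const void *a, const void *b)
{
	return af_cmp(a, b);
}

/* Constructed sample values: the three encodings named in the log message. */
static const unsigned char ipv4[] = { 0x00, 0x01 };
static const unsigned char ipv4_unicast[] = { 0x00, 0x01, 0x01 };
static const unsigned char ipv6[] = { 0x00, 0x02 };

/* Sort a shuffled list that includes an empty (NULL, 0) value, which is not
 * a valid addressFamily but must still compare without undefined behaviour.
 * Returns 1 if the result is: empty, IPv4, IPv4 unicast, IPv6. */
int af_sort_demo(void)
{
	struct af_octets v[] = {
		{ ipv6, sizeof(ipv6) }, { ipv4_unicast, sizeof(ipv4_unicast) },
		{ NULL, 0 }, { ipv4, sizeof(ipv4) },
	};

	qsort(v, 4, sizeof(v[0]), af_cmp_qsort);
	return v[0].data == NULL && v[1].data == ipv4 &&
	    v[2].data == ipv4_unicast && v[3].data == ipv6;
}

int main(void) { return af_sort_demo() ? 0 : 1; }
```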