From: Matt Caswell Date: Mon, 22 Aug 2016 23:01:57 +0000 (+0100) Subject: Add some sanity checks when checking CRL scores X-Git-Tag: OpenSSL_1_0_2j~2 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=6e629b5be45face20b4ca71c4fcbfed78b864a2e;p=oweals%2Fopenssl.git Add some sanity checks when checking CRL scores Note: this was accidentally omitted from OpenSSL 1.0.2 branch. Without this fix any attempt to use CRLs will crash. CVE-2016-7052 Thanks to Bruce Stephens and Thomas Jakobi for reporting this issue. Reviewed-by: Stephen Henson Reviewed-by: Rich Salz --- diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 8334b3fcff..b1472018ba 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1124,10 +1124,10 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, crl = sk_X509_CRL_value(crls, i); reasons = *preasons; crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x); - if (crl_score < best_score) + if (crl_score < best_score || crl_score == 0) continue; /* If current CRL is equivalent use it if it is newer */ - if (crl_score == best_score) { + if (crl_score == best_score && best_crl != NULL) { int day, sec; if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl), X509_CRL_get_lastUpdate(crl)) == 0)