From: Dr. Stephen Henson Date: Mon, 9 Mar 2015 23:11:45 +0000 (+0000) Subject: Fix ASN1_TYPE_cmp X-Git-Tag: OpenSSL_1_1_0-pre1~1509 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=e677e8d13595f7b3287f8feef7676feb301b0e8a;p=oweals%2Fopenssl.git Fix ASN1_TYPE_cmp Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This can be triggered during certificate verification so could be a DoS attack against a client or a server enabling client authentication. CVE-2015-0286 Reviewed-by: Richard Levitte --- diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c index 13ecfcd9b9..e7ec49d39a 100644 --- a/crypto/asn1/a_type.c +++ b/crypto/asn1/a_type.c @@ -115,6 +115,9 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b) case V_ASN1_OBJECT: result = OBJ_cmp(a->value.object, b->value.object); break; + case V_ASN1_BOOLEAN: + result = a->value.boolean - b->value.boolean; + break; case V_ASN1_NULL: result = 0; /* They do not have content. */ break;