Fix ASN1_TYPE_cmp

Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This can be triggered during certificate verification so could be a DoS attack against a client or a server enabling client authentication. CVE-2015-0286 Reviewed-by: Richard Levitte <levitte@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2015-03-09 23:11:45 +0000
committer: Matt Caswell <matt@openssl.org> 2015-03-19 12:59:31 +0000
commit: c982285ab63adeb473197d54d246d120bf60778b (patch)
tree: a2c221ab6d0bfd1c05da835ec4834f47576e530a
parent: b485d976340d3ca080060c3c7dee9102e2200762 (diff)
download: openssl-new-c982285ab63adeb473197d54d246d120bf60778b.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c
index 4a36aff6ac..af795306b5 100644
--- a/crypto/asn1/a_type.c
+++ b/crypto/asn1/a_type.c
@@ -119,6 +119,9 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
     case V_ASN1_OBJECT:
         result = OBJ_cmp(a->value.object, b->value.object);
         break;
+    case V_ASN1_BOOLEAN:
+        result = a->value.boolean - b->value.boolean;
+        break;
     case V_ASN1_NULL:
         result = 0;             /* They do not have content. */
         break;
author	Dr. Stephen Henson <steve@openssl.org>	2015-03-09 23:11:45 +0000
committer	Matt Caswell <matt@openssl.org>	2015-03-19 12:59:31 +0000
commit	c982285ab63adeb473197d54d246d120bf60778b (patch)
tree	a2c221ab6d0bfd1c05da835ec4834f47576e530a
parent	b485d976340d3ca080060c3c7dee9102e2200762 (diff)
download	openssl-new-c982285ab63adeb473197d54d246d120bf60778b.tar.gz