jimzah/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src.git synced 2024-11-26 20:12:44 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
releng/14.1
freebsd-src/crypto
History
Viktor Dukhovni 9a5a7c90d5 openssl: Avoid type errors in EAI-related name check logic. 
The incorrectly typed data is read only, used in a compare operation, so
neither remote code execution, nor memory content disclosure were possible.
However, applications performing certificate name checks were vulnerable to
denial of service.

The GENERAL_TYPE data type is a union, and we must take care to access the
correct member, based on `gen->type`, not all the member fields have the same
structure, and a segfault is possible if the wrong member field is read.

The code in question was lightly refactored with the intent to make it more
obviously correct.

Security:	CVE-2024-6119
Obtained from:	OpenSSL Project

(cherry picked from commit 1486960d6cdb052e4fc0109a56a0597b4e902ba1)
(cherry picked from commit 5946b0c6cb)

Approved by:	so
2024-09-04 20:46:54 +00:00
..
heimdal heimdal: Fix compiling hdb ldap as a module 2024-04-29 05:50:19 -07:00
openssh sshd: remove blacklist call from grace_alarm_timer 2024-08-07 13:32:25 +00:00
openssl openssl: Avoid type errors in EAI-related name check logic. 2024-09-04 20:46:54 +00:00
README Two more $FreeBSD$ stragglers 2023-09-17 08:34:41 -06:00

README 

This directory is for the EXACT same use as src/contrib, except it
holds crypto sources.  In other words, this holds raw sources obtained
from various third party vendors, with FreeBSD patches applied.  No
compilation is done from this directory, it is all done from the
src/secure directory.  The separation between src/contrib and src/crypto
is the result of an old USA law, which made these sources export
controlled, so they had to be kept separate.