Commit 02758836 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson Committed by Matt Caswell
Browse files

Fix ASN1_TYPE_cmp 



Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This
can be triggered during certificate verification so could be a DoS attack
against a client or a server enabling client authentication.

CVE-2015-0286

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent 7746ff50

crypto/asn1/a_type.c

+3 −0
Original line number Diff line number Diff line
@@ -119,6 +119,9 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b) 
    case V_ASN1_OBJECT:

        result = OBJ_cmp(a->value.object, b->value.object);

        break;

    case V_ASN1_BOOLEAN:

        result = a->value.boolean - b->value.boolean;

        break;

    case V_ASN1_NULL:

        result = 0;             /* They do not have content. */

        break;