Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:Update
openssl-1_1.19080
openssl-CVE-2020-1967.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-CVE-2020-1967.patch of Package openssl-1_1.19080
From fda4b40dacd47859c0760b62572af761e8e5ed74 Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk <kaduk@mit.edu> Date: Fri, 10 Apr 2020 12:27:28 -0700 Subject: [PATCH 2/4] Fix NULL dereference in SSL_check_chain() for TLS 1.3 In the tls1_check_sig_alg() helper function, we loop through the list of "signature_algorithms_cert" values received from the client and attempt to look up each one in turn in our internal table that maps wire codepoint to string-form name, digest and/or signature NID, etc., in order to compare the signature scheme from the peer's list against what is used to sign the certificates in the certificate chain we're checking. Unfortunately, when the peer sends a value that we don't support, the lookup returns NULL, but we unconditionally dereference the lookup result for the comparison, leading to an application crash triggerable by an unauthenticated client. Since we will not be able to say anything about algorithms we don't recognize, treat NULL return from lookup as "does not match". We currently only apply the "signature_algorithm_cert" checks on TLS 1.3 connections, so previous TLS versions are unaffected. SSL_check_chain() is not called directly from libssl, but may be used by the application inside a callback (e.g., client_hello or cert callback) to verify that a candidate certificate chain will be acceptable to the client. CVE-2020-1967 --- ssl/t1_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index a254fd5a05..76b4baa388 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2130,7 +2130,7 @@ static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid) sigalg = use_pc_sigalgs ? tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i]) : s->shared_sigalgs[i]; - if (sig_nid == sigalg->sigandhash) + if (sigalg != NULL && sig_nid == sigalg->sigandhash) return 1; } return 0; -- 2.16.4
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor