Fix CVE-2024-0727 #588
Merged: InfoHunter merged 11 commits into Tongsuo-Project:master from dongbeiouba:fix/CVE-2024-0727 on Mar 25, 2024
dongbeiouba force-pushed the fix/CVE-2024-0727 branch from d1dd694 to 45806c2 (March 8, 2024 11:50)
InfoHunter reviewed and previously approved these changes on Mar 12, 2024:
Can be merged after the documentation is removed.
dongbeiouba force-pushed the fix/CVE-2024-0727 branch from db9965c to 26a93aa (March 15, 2024 01:43)
CI failure is not related. This can be merged after the conflicts are resolved.
Fixes openssl#17720. Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl/openssl#17882)
Use binary mode when opening a file. Partially fixes #18017. Reviewed-by: Kurt Roeckx <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl/openssl#19117)
Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from openssl/openssl#19025)
Fixes #19718 Fixes #19716 Added PKCS12_SAFEBAG_get1_cert_ex(), PKCS12_SAFEBAG_get1_crl_ex() and ASN1_item_unpack_ex(). parse_bag and parse_bags now use the libctx/propq stored in the P7_CTX. PKCS12_free() needed to be manually constructed in order to free the propq. pkcs12_api_test.c changed so that it actually tests the libctx, propq. Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl/openssl#19942)
Fixes #19092 The code looks like it was written to work with PBES1. As it had no tests, this would have then broken when PBES2 was introduced at a later point. Also added libctx and propq support. This affects the shroudedkeybag object. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from openssl/openssl#20134)
PKCS12 structures contain PKCS7 ContentInfo fields. These fields are optional and can be NULL even if the "type" is a valid value. OpenSSL was not properly accounting for this and a NULL dereference can occur causing a crash. CVE-2024-0727 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Hugo Landau <[email protected]> Reviewed-by: Neil Horman <[email protected]> (Merged from openssl/openssl#23361)
PKCS7 ContentInfo fields held within a PKCS12 file can be NULL, even if the type has been set to a valid value. CVE-2024-0727 is a result of OpenSSL attempting to dereference the NULL pointer as a result of this. We add tests for various instances of this problem. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Hugo Landau <[email protected]> Reviewed-by: Neil Horman <[email protected]> (Merged from openssl/openssl#23361)
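The bug class described in the two CVE-2024-0727 commit messages above, as an added example that is not code from OpenSSL, Tongsuo or this pull request: a simplified C model of a ContentInfo whose type is valid but whose content is absent, with the unchecked access beside the checked one. All type, function and sample names are hypothetical.

```c
#include <stdio.h>

/* Simplified model of a PKCS7 ContentInfo: a type tag plus OPTIONAL content.
 * All names are hypothetical; this is not OpenSSL or Tongsuo API. */
enum ci_type { CI_DATA = 1, CI_ENCRYPTED = 2 };
enum ci_err { CI_ERR_NULL_ARG = -1, CI_ERR_WRONG_TYPE = -2, CI_ERR_MISSING_CONTENT = -3 };
struct octets { const unsigned char *buf; size_t len; };
struct enc_content { struct octets *ciphertext; };  /* itself optional */
struct content_info {
    enum ci_type type;
    union { struct octets *data; struct enc_content *encrypted; } d;
};

/* "Before" pattern: trusts the type tag; NULL dereference if content is absent. */
size_t ci_data_len_unchecked(const struct content_info *ci)
{ return ci->d.data->len; }

/* Hardened: a valid type says nothing about whether the content exists. */
long ci_data_len_checked(const struct content_info *ci)
{
    if (ci == NULL) return CI_ERR_NULL_ARG;
    if (ci->type != CI_DATA) return CI_ERR_WRONG_TYPE;
    if (ci->d.data == NULL) return CI_ERR_MISSING_CONTENT;
    return (long)ci->d.data->len;
}

/* Same rule one level down: check every optional pointer on the path. */
long ci_ciphertext_len_checked(const struct content_info *ci)
{
    if (ci == NULL) return CI_ERR_NULL_ARG;
    if (ci->type != CI_ENCRYPTED) return CI_ERR_WRONG_TYPE;
    if (ci->d.encrypted == NULL || ci->d.encrypted->ciphertext == NULL)
        return CI_ERR_MISSING_CONTENT;
    return (long)ci->d.encrypted->ciphertext->len;
}

/* Constructed samples: one well-formed, three with absent content. */
static struct octets payload = { (const unsigned char *)"abc", 3 };
static struct enc_content enc_no_ct = { NULL };
static struct content_info ci_ok = { CI_DATA, { &payload } };
static struct content_info ci_data_null = { CI_DATA, { NULL } };
static struct content_info ci_enc_null = { CI_ENCRYPTED, { NULL } };
static struct content_info ci_enc_no_ct = { CI_ENCRYPTED, { .encrypted = &enc_no_ct } };
int main(void)
{
    printf("%ld %ld %ld %ld\n", ci_data_len_checked(&ci_ok), ci_data_len_checked(&ci_data_null),
           ci_ciphertext_len_checked(&ci_enc_null), ci_ciphertext_len_checked(&ci_enc_no_ct));
    return 0;
}
```

The unchecked accessor is only ever safe on `ci_ok`; the checked accessors turn each of the three malformed samples into an error return that the caller can reject.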
dongbeiouba force-pushed the fix/CVE-2024-0727 branch from 26a93aa to fb7795a (March 25, 2024 03:30)
ping @InfoHunter
InfoHunter approved these changes on Mar 25, 2024
Sync from OpenSSL.
Checklist