0028-CVE-2023-0286-Fix-GENERAL_NAME_cmp-for-x400Address-1.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41

From 7553d2119f3c899f779eaacafff63feaa843814a Mon Sep 17 00:00:00 2001
From: s00803682 <shaodenghui@huawei.com>
Date: Sat, 25 Feb 2023 18:22:13 +0800
Subject: [PATCH] CVE-2023-0286: Fix GENERAL_NAME_cmp for x400Address (1.1.1)

REF: https://github.com/openssl/openssl/commit/2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9
Signed-off-by: chenhuiying <chenhuiying4@huawei.com>
---
 CryptoPkg/Library/OpensslLib/openssl/crypto/x509v3/v3_genn.c  | 2 +-
 CryptoPkg/Library/OpensslLib/openssl/include/openssl/x509v3.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/x509v3/v3_genn.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/x509v3/v3_genn.c
index 23778e2..12ce733 100644
--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/x509v3/v3_genn.c
+++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/x509v3/v3_genn.c
@@ -97,7 +97,7 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
         return -1;
     switch (a->type) {
     case GEN_X400:
-        result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
+        result = ASN1_STRING_cmp(a->d.x400Address, b->d.x400Address);
         break;
 
     case GEN_EDIPARTY:
diff --git a/CryptoPkg/Library/OpensslLib/openssl/include/openssl/x509v3.h b/CryptoPkg/Library/OpensslLib/openssl/include/openssl/x509v3.h
index 6c6eca3..b80438d 100644
--- a/CryptoPkg/Library/OpensslLib/openssl/include/openssl/x509v3.h
+++ b/CryptoPkg/Library/OpensslLib/openssl/include/openssl/x509v3.h
@@ -136,7 +136,7 @@ typedef struct GENERAL_NAME_st {
         OTHERNAME *otherName;   /* otherName */
         ASN1_IA5STRING *rfc822Name;
         ASN1_IA5STRING *dNSName;
-        ASN1_TYPE *x400Address;
+        ASN1_STRING *x400Address;
         X509_NAME *directoryName;
         EDIPARTYNAME *ediPartyName;
         ASN1_IA5STRING *uniformResourceIdentifier;
-- 
2.27.0