Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Avoid type errors in EAI-related name check logic. #652

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

dongbeiouba
Copy link
Member

The incorrectly typed data is read only, used in a compare operation, so neither remote code execution, nor memory content disclosure were possible. However, applications performing certificate name checks were vulnerable to denial of service.

The GENERAL_TYPE data type is a union, and we must take care to access the correct member, based on gen->type, not all the member fields have the same structure, and a segfault is possible if the wrong member field is read.

The code in question was lightly refactored with the intent to make it more obviously correct.

Fixes CVE-2024-6119

Checklist
  • https://yuque.com/tsdoc 增加或更新了必要的文档
  • 增加或更新了必要的测试用例
  • 对于重要修改,更新了CHANGES文件
  • 当前修改存在对已有API参数或返回值的改变
  • 当前修改存在对旧版本功能的兼容性改变(如网络协议或密码算法)

@dongbeiouba dongbeiouba marked this pull request as draft September 23, 2024 11:47
@dongbeiouba dongbeiouba marked this pull request as ready for review September 24, 2024 03:07
@dongbeiouba dongbeiouba requested review from InfoHunter, uudiin, wa5i, zzl360 and a team September 24, 2024 03:07
The incorrectly typed data is read only, used in a compare operation, so
neither remote code execution, nor memory content disclosure were possible.
However, applications performing certificate name checks were vulnerable to
denial of service.

The GENERAL_TYPE data type is a union, and we must take care to access the
correct member, based on `gen->type`, not all the member fields have the same
structure, and a segfault is possible if the wrong member field is read.

The code in question was lightly refactored with the intent to make it more
obviously correct.

Fixes CVE-2024-6119

(cherry picked from commit 06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6)
@dongbeiouba
Copy link
Member Author

ping @Tongsuo-Project/tongsuo-maintainers

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant