Diffstat (limited to 'recipes-connectivity/openssl/openssl/CVE-2021-23841.patch')
-rw-r--r--  recipes-connectivity/openssl/openssl/CVE-2021-23841.patch  40
1 file changed, 40 insertions, 0 deletions
diff --git a/recipes-connectivity/openssl/openssl/CVE-2021-23841.patch b/recipes-connectivity/openssl/openssl/CVE-2021-23841.patch
new file mode 100644
index 0000000..e6c5022
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/CVE-2021-23841.patch
@@ -0,0 +1,40 @@
+Backport of:
+
+From 122a19ab48091c657f7cb1fb3af9fc07bd557bbf Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Wed, 10 Feb 2021 16:10:36 +0000
+Subject: [PATCH] Fix Null pointer deref in X509_issuer_and_serial_hash()
+
+The OpenSSL public API function X509_issuer_and_serial_hash() attempts
+to create a unique hash value based on the issuer and serial number data
+contained within an X509 certificate. However it fails to correctly
+handle any errors that may occur while parsing the issuer field (which
+might occur if the issuer field is maliciously constructed). This may
+subsequently result in a NULL pointer deref and a crash leading to a
+potential denial of service attack.
+
+The function X509_issuer_and_serial_hash() is never directly called by
+OpenSSL itself so applications are only vulnerable if they use this
+function directly and they use it on certificates that may have been
+obtained from untrusted sources.
+
+CVE-2021-23841
+
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(cherry picked from commit 8130d654d1de922ea224fa18ee3bc7262edc39c0)
+---
+ crypto/x509/x509_cmp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/crypto/x509/x509_cmp.c
++++ b/crypto/x509/x509_cmp.c
+@@ -87,6 +87,8 @@ unsigned long X509_issuer_and_serial_has
+
+ EVP_MD_CTX_init(&ctx);
+ f = X509_NAME_oneline(a->cert_info->issuer, NULL, 0);
++ if (f == NULL)
++ goto err;
+ if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
+ goto err;
+ if (!EVP_DigestUpdate(&ctx, (unsigned char *)f, strlen(f)))
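Review bot: the new patch file has no `Upstream-Status:` or `CVE:` tag lines, which OpenEmbedded's patch conventions expect on every recipe patch and on CVE backports in particular; the header says "Backport of:" and mentions "CVE-2021-23841" in free text, but the formal tags belong above the `From 122a19ab...` line, e.g. `Upstream-Status: Backport [https://github.com/openssl/openssl/commit/8130d654d1de922ea224fa18ee3bc7262edc39c0]` and `CVE: CVE-2021-23841`. Also note that the diffstat shows this commit touches only the patch file: until the openssl recipe's `SRC_URI` references `file://CVE-2021-23841.patch`, the fix is not applied to the build, so either that recipe change should be part of this commit or the commit message should say it follows separately. The inner change itself is the minimal correct fix: `X509_NAME_oneline()` returns NULL on a malformed issuer, and without the added check that NULL reaches `strlen(f)` in `EVP_DigestUpdate()`; jumping to `err` is sound provided the `err` path already frees `f` with a NULL-tolerant call, which the hunk does not show.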