Don't assume the type we read was the type we expected

i2v_GENERAL_NAME and GENERAL_NAME_print were assuming that the type of of a GENERAL_NAME (OTHERNAME) that we read in was the type we expected it to be. If its something else then this can cause unexpected behaviour. In the added fuzz test case an OOB read was occurring. This issue was recently added by commit 4baee2d. Credit to OSSFuzz for finding this issue. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10300)
author: Matt Caswell <matt@openssl.org> 2019-10-30 14:23:18 +0100
committer: Matt Caswell <matt@openssl.org> 2019-11-04 13:49:19 +0100
commit: aec9667bd19a8ca9bdd519db3a231a95b9e92674 (patch)
tree: a8aad958d436f5ab95151169f6c03c919d03a65d /fuzz
parent: Don't leak memory in the event of a failure in i2v_GENERAL_NAMES (diff)
download: openssl-aec9667bd19a8ca9bdd519db3a231a95b9e92674.tar.xz
openssl-aec9667bd19a8ca9bdd519db3a231a95b9e92674.zip
1 files changed, 0 insertions, 0 deletions
diff --git a/fuzz/corpora/x509/9901a721c7fe85b8208198cc5e77ac719f592577 b/fuzz/corpora/x509/9901a721c7fe85b8208198cc5e77ac719f592577
new file mode 100644
index 0000000000..40369cd294
--- /dev/null
+++ b/fuzz/corpora/x509/9901a721c7fe85b8208198cc5e77ac719f592577
author	Matt Caswell <matt@openssl.org>	2019-10-30 14:23:18 +0100
committer	Matt Caswell <matt@openssl.org>	2019-11-04 13:49:19 +0100
commit	aec9667bd19a8ca9bdd519db3a231a95b9e92674 (patch)
tree	a8aad958d436f5ab95151169f6c03c919d03a65d /fuzz
parent	Don't leak memory in the event of a failure in i2v_GENERAL_NAMES (diff)
download	openssl-aec9667bd19a8ca9bdd519db3a231a95b9e92674.tar.xz openssl-aec9667bd19a8ca9bdd519db3a231a95b9e92674.zip