mirror of
https://github.com/opnsense/src.git
synced 2026-02-20 00:11:07 -05:00
5946b0c6cb
The incorrectly typed data is read only, used in a compare operation, so neither remote code execution, nor memory content disclosure were possible. However, applications performing certificate name checks were vulnerable to denial of service. The GENERAL_TYPE data type is a union, and we must take care to access the correct member, based on `gen->type`, not all the member fields have the same structure, and a segfault is possible if the wrong member field is read. The code in question was lightly refactored with the intent to make it more obviously correct. Security: CVE-2024-6119 Obtained from: OpenSSL Project (cherry picked from commit 1486960d6cdb052e4fc0109a56a0597b4e902ba1) |
||
|---|---|---|
| .. | ||
| heimdal | ||
| openssh | ||
| openssl | ||
| README | ||
This directory is for the EXACT same use as src/contrib, except it holds crypto sources. In other words, this holds raw sources obtained from various third party vendors, with FreeBSD patches applied. No compilation is done from this directory, it is all done from the src/secure directory. The separation between src/contrib and src/crypto is the result of an old USA law, which made these sources export controlled, so they had to be kept separate.