author | Dr. Stephen Henson <steve@openssl.org> | 2011-09-06 15:14:41 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-09-06 15:14:41 +0000 |
commit | cd447875e65fb8de648bfa30126e24f2786e2040 (patch) | |
tree | 248533b744525270ed67e522afa94341183b9b2e /crypto/x509 | |
parent | 692a94293c833515999b43b03ae4f862a105cfb0 (diff) |
Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past
produce an error (CVE-2011-3207)
Diffstat (limited to 'crypto/x509')
-rw-r--r-- | crypto/x509/x509_vfy.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index ec9f6259fe..0381c4a502 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -698,6 +698,7 @@ static int check_cert(X509_STORE_CTX *ctx)
 x = sk_X509_value(ctx->chain, cnum);
 ctx->current_cert = x;
 ctx->current_issuer = NULL;
+ ctx->current_crl_score = 0;
 ctx->current_reasons = 0;
 while (ctx->current_reasons != CRLDP_ALL_REASONS)
 {
@@ -2010,6 +2011,9 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
 ctx->error_depth=0;
 ctx->current_cert=NULL;
 ctx->current_issuer=NULL;
+ ctx->current_crl=NULL;
+ ctx->current_crl_score=0;
+ ctx->current_reasons=0;
 ctx->tree = NULL;
 ctx->parent = NULL; |
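Review bot: The added `ctx->current_crl_score = 0;` in check_cert has no comment, so nothing at the call site tells a later reader that this reset is security-relevant and must not be dropped in a refactor. Going by the commit message, a score that was never initialised is what let a CRL with a nextUpdate in the past pass without an error, so I would put `/* Reset per-certificate CRL state: a stale score must not carry into CRL selection for this cert */` above the resets. The hunk also leaves ctx->current_crl untouched here while X509_STORE_CTX_init now clears it; the loop body lies outside the hunk, so it should be confirmed that current_crl is assigned before it is read on every iteration.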
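Review bot: X509_STORE_CTX_init still sets up the context one field at a time, which is presumably how current_crl, current_crl_score and current_reasons were left indeterminate for a caller-allocated context. The three added assignments in the second hunk close the known gap, but a field added to the structure later can be missed in the same way. Consider clearing the whole object before the individual assignments, e.g. `memset(ctx, 0, sizeof(*ctx));` at the top of the function, provided no caller depends on values stored before init. The function begins and ends outside the hunk, so whether the remaining fields are already covered cannot be checked from here.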