compat-openssl10/SOURCES/openssl-1.0.2-cve-2023-0286-X400.patch

From: Petr Hybl <phybl@redhat.com>
Date: Tue, 29 Apr 2025 17:45:42 +0000
Subject: CVE-2023-0286: Fix GENERAL_NAME_cmp for x400Address
diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c
index 9bb01ee..8cbcbe0 100644
--- a/crypto/x509v3/v3_genn.c
+++ b/crypto/x509v3/v3_genn.c
@@ -116,6 +116,9 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
         return -1;
     switch (a->type) {
     case GEN_X400:
+        result = ASN1_STRING_cmp(a->d.x400Address, b->d.x400Address);
+        break;
+
     case GEN_EDIPARTY:
         result = ASN1_TYPE_cmp(a->d.other, b->d.other);
         break;
diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
index f5c6156..7328acd 100644
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@@ -190,7 +190,7 @@ typedef struct GENERAL_NAME_st {
         OTHERNAME *otherName;   /* otherName */
         ASN1_IA5STRING *rfc822Name;
         ASN1_IA5STRING *dNSName;
-        ASN1_TYPE *x400Address;
+        ASN1_STRING *x400Address;
         X509_NAME *directoryName;
         EDIPARTYNAME *ediPartyName;
         ASN1_IA5STRING *uniformResourceIdentifier;