From 7da6afe3dac7d65b30f87f2c5d305b6e699bc5dc Mon Sep 17 00:00:00 2001
From: Daniel Kubec <kubec@openssl.org>
Date: Fri, 9 Jan 2026 14:33:24 +0100
Subject: [PATCH] ossl_quic_get_cipher_by_char(): Add a NULL guard before
dereferencing SSL_CIPHER
Fixes CVE-2025-15468
---
ssl/quic/quic_impl.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index 87c1370a8d6..89c108a9734 100644
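--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -5222,6 +5222,8 @@ const SSL_CIPHER *ossl_quic_get_cipher_by_char(const unsigned char *p)
 {
 const SSL_CIPHER *ciph = ssl3_get_cipher_by_char(p);
 
+ if (ciph == NULL)
+ return NULL;
 if ((ciph->algorithm2 & SSL_QUIC) == 0)
 return NULL;
 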
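Review bot: The new `if (ciph == NULL)` guard has no comment saying when `ssl3_get_cipher_by_char(p)` yields NULL, so a later cleanup could fold it away or a sibling wrapper could repeat the omission. A one-line comment above it would do, e.g. `/* Lookup returns NULL for a cipher id it does not know; p may be caller- or peer-supplied. */`; the second half is inferred from the CVE reference and should be confirmed against the callers. The diffstat shows only quic_impl.c changing, so a regression test that passes an unknown two-byte id and expects NULL would be worth adding alongside the fix. The body of ossl_quic_get_cipher_by_char() continues past the end of the hunk.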