From 59c3b3158553ab53275bbbccca5cb305d591cf2e Mon Sep 17 00:00:00 2001
From: Daniel Kubec <kubec@openssl.org>
Date: Tue, 17 Mar 2026 11:11:22 +0100
Subject: [PATCH] Fix NULL Dereference When Delta CRL Lacks CRL Number
 Extension

Fixes CVE-2026-28388

Co-authored-by: Igor Morgenstern <igor.morgenstern@aisle.com>

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Mon Apr  6 19:27:16 2026
(cherry picked from commit d6ad8595e86dc96ca8771f0a1714b31794befa75)
---
 crypto/x509/x509_vfy.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1160,6 +1160,8 @@ static int check_delta_base(X509_CRL *delta, X509_CRL *base)
     /* Delta CRL base number must not exceed Full CRL number. */
     if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0)
         return 0;
     /* Delta CRL number must exceed full CRL number */
+    if (delta->crl_number == NULL)
+        return 0;
     return ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0;
 }
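Review bot: The new NULL guard sits between the existing comment `/* Delta CRL number must exceed full CRL number */` and the comparison that comment describes, so the comment now reads as if it documents the NULL check, and the guard itself has no explanation. I would give the guard its own comment, e.g. `/* Delta CRL must carry a CRL Number extension */` above `if (delta->crl_number == NULL)`, and move the original comment down so it sits directly above the final `return`. The diffstat shows only crypto/x509/x509_vfy.c changing, so a regression test that runs verification with a delta CRL lacking the CRL Number extension would be worth adding, if one does not already exist elsewhere. check_delta_base begins outside this hunk, so whether `delta->base_crl_number` and `base->crl_number` are NULL-checked before these comparisons cannot be confirmed from here.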
-- 
2.52.0.windows.1