Hi! I am a maintainer from Cloudlinux, Inc. Could you help me please to identify whether my version of openssl is vulnerable or not.

As I see, CHANGES message tells: "X.400 addresses were parsed as an ASN1_STRING". Can you actually point where it happens exactly (function name(s)/code fragment)? I would like to see whether they are parsed like this in my version or not.

This commit shows the change. That's where it happens.

2c6c9d4#diff-c3891ec50d81d873dd6a01a5c67da03a5e137d4aea4d285284af43a3d04cb352

As far, as I see, this code fragment only shows, that the x400Address were compared as ASN1_TYPE cmp function, but by this time they have been already parsed from source as ASN1_STRING somewhere else in the code. This "hidden" code is not touched by commit directly (because there is no need). I would like to find this code fragment responsible for parsing.

Because if at some previous version this "hidden" code fragment was different somehow and parsed x400Address as ASN1_TYPE, it would mean that code is not affected at this previous version of openssl.

The problem is not in the parsing of the string, it's in the incorrect comparison being called on the results of the parse.

Did you read the advisory? All versions of OpenSSL from 1.0.2 are vulnerable. I would expect 1.1.0 and versions prior to 1.0.2 are also vulnerable, at least back as far as when this function was introduced. If you are running a version not mentioned in the advisory, you've got other unpatched CVEs to worry about.

I understand that problem in not in parsing of the string, nevertheless I would like to see the code responsible of doing it. I am worried, because, for example, RedHat claims that their openssl on RHEL6 is not vulnerable, but source code still has GENERAL_NAME_cmp function with the same code fragment, but somehow redhat believes it is not vulnerable. I assume the have seen some sort of deference in parsing code and don't see any mismatch at their version of openssl. May be may guess is wrong, but still I am interested in verifying it.

@paulidale Thanks for you replies! You ensured me that binary format should be ASN1_STRING and point about Security Advisory made me think that prolly RedHat stated that their version of openssl is not vulnerable due to info mentioned in advisory (openssl 1.0.1 is not mentioned at all) instead of verifying the code exactly. I'll contact them directly to get more information.

1.0.x versions are identical in this regard. However 0.9.8 does not seem to have GENERAL_NAME_cmp. I did not investigate in depth though.

I assume the have seen some sort of deference in parsing code and don't see any mismatch at their version of openssl.

The mismatch comes from crypto/asn1/tasn_*.c, which walk a type-erased table with offsetofs. The type in GENERAL_NAME's table did not match the C structure. OpenSSL's ASN.1 library is quite hairy and loses most type-checking in C, which is why the patch is odd.

1.0.x versions are identical in this regard. However 0.9.8 does not seem to have GENERAL_NAME_cmp. I did not investigate in depth though.

This was answered in the writeup I sent you all when I originally reported the issue. :-P

This bug has been present since OpenSSL 0.9.7, though there were no offending accesses within the library then.
The bug became reachable from X.509 CRL handling (and likely the Time-Stamp Protocol) in OpenSSL 1.0.0.

I found the ASN1 struct definition of x400Address in crypto\x509v3\v3_genn.c: ASN1_IMP(GENERAL_NAME, d.x400Address, ASN1_SEQUENCE, GEN_X400). X400Address is specified as the SEQUENCE type instead of ASN1_STRING. I'm curious how openssl converts this definition into ASN1_STRING.