From f653cfa43f0f20e8c440122ea982382b6228e7f5 Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi <k@rhe.jp>
Date: Fri, 27 Jul 2018 17:01:04 +0900
Subject: x509name: fix OpenSSL::X509::Name#{cmp,<=>}

Fix wrong use of X509_NAME_cmp() return value. OpenSSL::X509::Name#<=>
could return 0 when the two objects aren't identical.

Reported by Tyler Eckstein. CVE-2018-16395.

Reference: https://hackerone.com/reports/387250
---
 ext/openssl/ossl_x509name.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'ext/openssl/ossl_x509name.c')

diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c
index ac98c1b9..4753fa49 100644
--- a/ext/openssl/ossl_x509name.c
+++ b/ext/openssl/ossl_x509name.c
@@ -358,7 +358,7 @@ ossl_x509name_cmp(VALUE self, VALUE other)
 
     result = ossl_x509name_cmp0(self, other);
     if (result < 0) return INT2FIX(-1);
-    if (result > 1) return INT2FIX(1);
+    if (result > 0) return INT2FIX(1);
 
     return INT2FIX(0);
 }
-- 
cgit v1.2.3