From ba98ceae97ed0940290fa7174f90def3e6a6b1d8 Mon Sep 17 00:00:00 2001 From: Bernd Kuhls Date: Sat, 2 May 2026 14:20:05 +0200 Subject: [PATCH] res_stir_shaken: avoid direct ASN1_STRING accesses https://github.com/openssl/openssl/issues/29117 Signed-off-by: Bernd Kuhls Resolves: #1952 --- res/res_stir_shaken/verification.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/res/res_stir_shaken/verification.c b/res/res_stir_shaken/verification.c index 209032e23b..3fed81a978 100644 --- a/res/res_stir_shaken/verification.c +++ b/res/res_stir_shaken/verification.c @@ -266,10 +266,10 @@ static enum ast_stir_shaken_vs_response_code LOG_ERROR, "%s: Cert '%s' doesn't have a TNAuthList extension\n", ctx->tag, ctx->public_url); } - octet_str_data = tn_exten->data; + octet_str_data = ASN1_STRING_get0_data(tn_exten); /* The first call to ASN1_get_object should return a SEQUENCE */ - ret = ASN1_get_object(&octet_str_data, &xlen, &tag, &xclass, tn_exten->length); + ret = ASN1_get_object(&octet_str_data, &xlen, &tag, &xclass, ASN1_STRING_length(tn_exten)); if (IS_GET_OBJ_ERR(ret)) { crypto_log_openssl(LOG_ERROR, "%s: Cert '%s' has malformed TNAuthList extension\n", ctx->tag, ctx->public_url); @@ -293,7 +293,7 @@ static enum ast_stir_shaken_vs_response_code * ATIS-1000080 however limits this to only ASN1_TAG_TNAUTH_SPC * */ - ret = ASN1_get_object(&octet_str_data, &xlen, &tag, &xclass, tn_exten->length); + ret = ASN1_get_object(&octet_str_data, &xlen, &tag, &xclass, ASN1_STRING_length(tn_exten)); if (IS_GET_OBJ_ERR(ret)) { crypto_log_openssl(LOG_ERROR, "%s: Cert '%s' has malformed TNAuthList extension\n", ctx->tag, ctx->public_url); @@ -307,7 +307,7 @@ static enum ast_stir_shaken_vs_response_code } /* The third call to ASN1_get_object should contain the SPC */ - ret = ASN1_get_object(&octet_str_data, &xlen, &tag, &xclass, tn_exten->length); + ret = ASN1_get_object(&octet_str_data, &xlen, &tag, &xclass, ASN1_STRING_length(tn_exten)); if (ret != 0) { SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_VS_CERT_NO_SPC_IN_TN_AUTH_EXT, LOG_ERROR, "%s: Cert '%s' has malformed TNAuthList extension (no SPC)\n",