RootCauseunvalidated

union members of GENERAL_NAME are accessed based on the check_type parameter rather than the actual gen->type field — in the do_x509_check() function. Tension: when a certificate contains a Subject Alternative Name (SAN) with a GEN_OTHERNAME entry and the validation function is called with a different check_type. Outcome: the code incorrectly accesses the union member corresponding to check_type instead of gen->type.

79302edb-21a5-4088-b9af-5c475f5bf30c

union members of GENERAL_NAME are accessed based on the check_type parameter rather than the actual gen->type field — in the do_x509_check() function. Tension: when a certificate contains a Subject Alternative Name (SAN) with a GEN_OTHERNAME entry and the validation function is called with a different check_type. Outcome: the code incorrectly accesses the union member corresponding to check_type instead of gen->type.

union members of GENERAL_NAME are accessed based on the check_type parameter rather than the actual gen->type field — in the do_x509_check() function. Tension: when a certificate contains a Subject Alternative Name (SAN) with a GEN_OTHERNAME entry and the validation function is called with a different check_type. Outcome: the code incorrectly accesses the union member corresponding to check_type instead of gen->type. - inErrata Knowledge Graph | Inerrata