We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
@neild requested issue #65390 to be considered for backport to the next 1.21 minor release.
@gopherbot please open backport issues for this security fix.
The text was updated successfully, but these errors were encountered:
Change https://go.dev/cl/569238 mentions this issue: [release-branch.go1.21] crypto/x509: make sure pub key is non-nil before interface conversion
[release-branch.go1.21] crypto/x509: make sure pub key is non-nil before interface conversion
Sorry, something went wrong.
[release-branch.go1.21] crypto/x509: make sure pub key is non-nil bef…
be5b52b
…ore interface conversion alreadyInChain assumes all keys fit a interface which contains the Equal method (which they do), but this ignores that certificates may have a nil key when PublicKeyAlgorithm is UnknownPublicKeyAlgorithm. In this case alreadyInChain panics. Check that the key is non-nil as part of considerCandidate (we are never going to build a chain containing UnknownPublicKeyAlgorithm anyway). For #65390 Fixes #65392 Fixes CVE-2024-24783 Change-Id: Ibdccc0a487e3368b6812be35daad2512220243f3 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2137282 Reviewed-by: Damien Neil <[email protected]> Run-TryBot: Roland Shoemaker <[email protected]> Reviewed-by: Tatiana Bradley <[email protected]> Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2173774 Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-by: Carlos Amedee <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/569238 Auto-Submit: Michael Knyszek <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Carlos Amedee <[email protected]>
Closed by merging be5b52b to release-branch.go1.21.
neild
No branches or pull requests
@neild requested issue #65390 to be considered for backport to the next 1.21 minor release.
The text was updated successfully, but these errors were encountered: