From 5a9bbcceed5e6b7472c1c411e8cd570575a28486 Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Fri, 24 Mar 2023 10:46:37 +0800
Subject: [PATCH] openssl SubjectAlternativeName and ExtendedKeyUsage::other allow arbitrary file read (#1656)

* openssl file disclosure
* Update crates/openssl/RUSTSEC-0000-0000.md
Co-authored-by: Alex Gaynor
---------
Co-authored-by: Alex Gaynor
---
 crates/openssl/RUSTSEC-0000-0000.md | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 crates/openssl/RUSTSEC-0000-0000.md

diff --git a/crates/openssl/RUSTSEC-0000-0000.md b/crates/openssl/RUSTSEC-0000-0000.md
new file mode 100644
index 0000000..8e30d3b
--- /dev/null
+++ b/crates/openssl/RUSTSEC-0000-0000.md
@@ -0,0 +1,22 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "openssl"
+date = "2023-03-24"
+url = "https://github.com/sfackler/rust-openssl/pull/1854"
+categories = ["file-disclosure"]
+
+[affected]
+functions = { "openssl::x509::extension::SubjectAlternativeName::new" = ["< 0.10.48, >=0.9.7"], "openssl::x509::extension::ExtendedKeyUsage::other" = ["< 0.10.48, >=0.9.7"] }
+
+[versions]
+patched = [">= 0.10.48"]
+```
+
+# `openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read
+
+`SubjectAlternativeName` and `ExtendedKeyUsage` arguments were parsed using the OpenSSL
+function `X509V3_EXT_nconf`. This function parses all input using an OpenSSL mini-language
+which can perform arbitrary file reads.
+
+Thanks to David Benjamin (Google) for reporting this issue.
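Review bot: The `[versions]` table carries only `patched`, while both `functions` ranges state a `>=0.9.7` lower bound; a version-only consumer of this advisory will therefore flag every release below 0.10.48, including ones the per-function range excludes. If `>=0.9.7` marks when these two APIs were introduced, add `unaffected = ["< 0.9.7"]` under `[versions]` so the two ranges agree; if it does not, the lower bound should be dropped from `functions` instead. The description also never says when the file read is reachable, which is what a reader triaging the advisory needs first: consider adding after the second paragraph `Applications are affected when the values passed to these extension builders are attacker-controlled. Users who cannot upgrade to 0.10.48 should not construct these extensions from untrusted input.` Whether the hazard sits in `::new` itself or in the later step that hands the string to `X509V3_EXT_nconf` is not visible here; the `functions` entries should name the method that actually performs the parse.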