Commit b3a555a0a7 for openssl.org

commit b3a555a0a7aa0028887149f6f973af89a4937bea
Author: Bob Beck <beck@openssl.org>
Date:   Fri Apr 17 12:21:16 2026 -0600

    Fix length miscalculation in validate_email

    We incorrectly used the length of the domain part for the local part
    when validating e-mail for X509_VERIFY_PARAM_set1_email().

    Fixes CVE-2026-42771

    Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
    MergeDate: Mon Jun  8 19:59:28 2026

diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index c115bb3c9b..f0858e357e 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -271,8 +271,8 @@ static int validate_hostname_part(const char *name, size_t len,
             }
             if (!is_label_ok(c, charset) && c != '-')
                 return 0;
+            part_len++;
         }
-        part_len++;
         if (part_len > 63)
             return 0;

@@ -324,11 +324,11 @@ static int validate_email_name(const char *name, size_t len, int rfc822)
         at = next;

     /* Ensure the local part is not oversize */
-    local_len = len - (at - name);
+    local_len = at - name;
     if (local_len > 64)
         goto err;

-    if (!validate_local_part(name, len, &local_charset))
+    if (!validate_local_part(name, local_len, &local_charset))
         goto err;

     if (rfc822 && local_charset == OSSL_CHARSET_NONASCII)