From fcd34624a14a3bfe8b445b57cbfa81b945b3706e Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Wed, 11 Feb 2015 12:08:22 -0800 Subject: Drop hostlen from X509_VERIFY_PARAM_ID. Just store NUL-terminated strings. This works better when we add support for multiple hostnames. (Imported from upstream's d93edc0aab98377f42dd19312248597a018a7889.) Change-Id: Ib3bf8a8c654b829b4432782ba21ba55c3d4a0582 --- crypto/x509/vpm_int.h | 1 - crypto/x509/x509_vfy.c | 3 +-- crypto/x509/x509_vpm.c | 8 +++----- crypto/x509v3/v3_utl.c | 2 ++ 4 files changed, 6 insertions(+), 8 deletions(-) (limited to 'crypto') diff --git a/crypto/x509/vpm_int.h b/crypto/x509/vpm_int.h index d18a4d48..dd33f883 100644 --- a/crypto/x509/vpm_int.h +++ b/crypto/x509/vpm_int.h @@ -61,7 +61,6 @@ struct X509_VERIFY_PARAM_ID_st { unsigned char *host; /* If not NULL hostname to match */ - size_t hostlen; unsigned int hostflags; /* Flags to control matching features */ unsigned char *email; /* If not NULL email address to match */ size_t emaillen; diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 285bcaf4..3c492ab1 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -709,8 +709,7 @@ static int check_id(X509_STORE_CTX *ctx) X509_VERIFY_PARAM *vpm = ctx->param; X509_VERIFY_PARAM_ID *id = vpm->id; X509 *x = ctx->cert; - if (id->host && !X509_check_host(x, id->host, id->hostlen, - id->hostflags)) + if (id->host && !X509_check_host(x, id->host, strlen((const char*) id->host), id->hostflags)) { if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH)) return 0; diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 3daaf61b..7f646d82 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -88,7 +88,6 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param) { OPENSSL_free(paramid->host); paramid->host = NULL; - paramid->hostlen = 0; } if (paramid->email) { @@ -234,7 +233,7 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, if (test_x509_verify_param_copy_id(host, NULL)) { - if (!X509_VERIFY_PARAM_set1_host(dest, id->host, id->hostlen)) + if (!X509_VERIFY_PARAM_set1_host(dest, id->host, strlen((const char*) id->host))) return 0; dest->id->hostflags = id->hostflags; } @@ -396,8 +395,7 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, const unsigned char *name, size_t namelen) { - return int_x509_param_set1(¶m->id->host, ¶m->id->hostlen, - name, namelen); + return int_x509_param_set1(¶m->id->host, NULL, name, namelen); } void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, @@ -441,7 +439,7 @@ const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param) return param->name; } -static const X509_VERIFY_PARAM_ID _empty_id = {NULL, 0, 0U, NULL, 0, NULL, 0}; +static const X509_VERIFY_PARAM_ID _empty_id = {NULL, 0U, NULL, 0, NULL, 0}; #define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index d081c1c2..81741036 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -971,6 +971,8 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen, int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen, unsigned int flags) { + if (chk && memchr(chk, '\0', chklen)) + return 0; return do_x509_check(x, chk, chklen, flags, GEN_DNS); } -- cgit v1.2.3