diff options
author | Maxim Dounin <mdounin@mdounin.ru> | 2014-04-23 20:31:31 +0400 |
---|---|---|
committer | Maxim Dounin <mdounin@mdounin.ru> | 2014-04-23 20:31:31 +0400 |
commit | 6898a634d3cdd7df70bb8b112a74bfd98253c1f4 (patch) | |
tree | b5eae5356fab97bc526d62f6e365990f483cdcf7 | |
parent | c728709316d34735eb27875af0d8df889b145f45 (diff) |
SSL: explicit handling of empty names.
X509_check_host() can't handle non null-terminated names with zero length,
so make sure to fail before calling it.
-rw-r--r-- | src/event/ngx_event_openssl.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index f885a5c7f..88472fc90 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -2504,6 +2504,10 @@ ngx_ssl_check_host(ngx_connection_t *c, ngx_str_t *name) /* X509_check_host() is only available in OpenSSL 1.0.2+ */ + if (name->len == 0) { + goto failed; + } + if (X509_check_host(cert, name->data, name->len, 0) != 1) { ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "X509_check_host(): no match"); |