From d93edc0aab98377f42dd19312248597a018a7889 Mon Sep 17 00:00:00 2001 From: Viktor Dukhovni Date: Sun, 22 Jun 2014 01:35:44 -0400 Subject: [PATCH] Drop hostlen from X509_VERIFY_PARAM_ID. Just store NUL-terminated strings. This works better when we add support for multiple hostnames. (cherry picked from commit b3012c698a086937319ed413a113ed7bec1edd1a) --- crypto/x509/vpm_int.h | 1 - crypto/x509/x509_vfy.c | 3 +-- crypto/x509/x509_vpm.c | 8 +++----- crypto/x509v3/v3_utl.c | 4 ++++ 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/crypto/x509/vpm_int.h b/crypto/x509/vpm_int.h index d18a4d48e9..dd33f88387 100644 --- a/crypto/x509/vpm_int.h +++ b/crypto/x509/vpm_int.h @@ -61,7 +61,6 @@ struct X509_VERIFY_PARAM_ID_st { unsigned char *host; /* If not NULL hostname to match */ - size_t hostlen; unsigned int hostflags; /* Flags to control matching features */ unsigned char *email; /* If not NULL email address to match */ size_t emaillen; diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 2917819cc9..acfe10bd04 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -724,8 +724,7 @@ static int check_id(X509_STORE_CTX *ctx) X509_VERIFY_PARAM *vpm = ctx->param; X509_VERIFY_PARAM_ID *id = vpm->id; X509 *x = ctx->cert; - if (id->host && !X509_check_host(x, id->host, id->hostlen, - id->hostflags)) + if (id->host && !X509_check_host(x, id->host, 0, id->hostflags)) { if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH)) return 0; diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index e5e258a9d3..8f985ff446 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -91,7 +91,6 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param) { OPENSSL_free(paramid->host); paramid->host = NULL; - paramid->hostlen = 0; } if (paramid->email) { @@ -237,7 +236,7 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, if (test_x509_verify_param_copy_id(host, NULL)) { - if (!X509_VERIFY_PARAM_set1_host(dest, id->host, id->hostlen)) + if (!X509_VERIFY_PARAM_set1_host(dest, id->host, 0)) return 0; dest->id->hostflags = id->hostflags; } @@ -399,8 +398,7 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, const unsigned char *name, size_t namelen) { - return int_x509_param_set1(¶m->id->host, ¶m->id->hostlen, - name, namelen); + return int_x509_param_set1(¶m->id->host, NULL, name, namelen); } void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, @@ -444,7 +442,7 @@ const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param) return param->name; } -static X509_VERIFY_PARAM_ID _empty_id = {NULL, 0, 0U, NULL, 0, NULL, 0}; +static X509_VERIFY_PARAM_ID _empty_id = {NULL, 0U, NULL, 0, NULL, 0}; #define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index 6e91ac9816..5401d90e10 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -972,6 +972,10 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen, int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen, unsigned int flags) { + if (chklen == 0) + chklen = chk ? strlen((char *)chk) : 0; + else if (chk && memchr(chk, '\0', chklen)) + return 0; return do_x509_check(x, chk, chklen, flags, GEN_DNS); } -- 2.25.1