author | Carlos Martín Nieto <carlos@cmartin.tk> | 2012-05-17 21:16:59 +0200 |
---|---|---|
committer | Carlos Martín Nieto <carlos@cmartin.tk> | 2012-05-19 17:51:53 +0200 |
commit | 16768191c739e6478db95b80a51753dfd0662302 (patch) | |
tree | f99b518b711ed7ae41a39db64f2fd8417584f266 /src | |
parent | dbb36e1b42de2b65b3ea98501dc6aae754acd744 (diff) | |
download | libgit2-16768191c739e6478db95b80a51753dfd0662302.tar.gz |
ssl: match host names according to RFC 2818 (HTTP over TLS)
Diffstat (limited to 'src')
-rw-r--r-- | src/netops.c | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/src/netops.c b/src/netops.c
index ff0d6d735..2f127102c 100644
--- a/src/netops.c
+++ b/src/netops.c
@@ -194,13 +194,11 @@ int gitno_ssl_teardown(git_transport *t)
 #ifdef GIT_OPENSSL
-/*
- * This function is based on the one from the cURL project
- */
+/* Match host names according to RFC 2818 rules */
 static int match_host(const char *pattern, const char *host)
 {
 for (;;) {
- char c = *pattern++;
+ char c = tolower(*pattern++);
 if (c == '\0')
 return *host ? -1 : 0;
@@ -211,14 +209,24 @@ static int match_host(const char *pattern, const char *host)
 if (c == '\0')
 return 0;
- while (*host) {
- if (match_host(pattern, host++) == 0)
- return 0;
+ /*
+ * We've found a pattern, so move towards the next matching
+ * char. The '.' is handled specially because wildcards aren't
+ * allowed to cross subdomains.
+ */
+
+ while(*host) {
+ char h = tolower(*host);
+ if (c == h)
+ return match_host(pattern, host++);
+ if (h == '.')
+ return match_host(pattern, host);
+ host++;
 }
- break;
+ return -1;
 }
- if (tolower(c) != tolower(*host++))
+ if (c != tolower(*host++))
 return -1;
 }
|
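Review bot: The new `char c = tolower(*pattern++);` passes a plain `char` to tolower(), which is undefined for negative values other than EOF; where `char` is signed, any byte above 0x7f in the pattern (presumably a name taken from the peer's certificate) reaches it. Cast before the call, `char c = tolower((unsigned char)*pattern++);`, and do the same for `tolower(*host)` and `tolower(*host++)` in the second hunk. tolower() also follows the current locale, so a one-line comment such as `/* host names are compared as ASCII, case-insensitively */` would record the intent. match_host's body continues outside this hunk.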
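Review bot: The unchanged `if (c == '\0') return 0;` at the top of this hunk still accepts whatever is left of the host once the pattern ends in `*` (assuming `c` holds the character after the wildcard, which is assigned above the hunk), so a trailing wildcard can span dots even though the new comment says wildcards may not cross subdomains. Rejecting a remainder that contains a dot, for example `return strchr(host, '.') ? -1 : 0;`, would make that branch agree with the loop below it. In the loop, `return match_host(pattern, host++);` increments a local that is never read again, so `return match_host(pattern, host);` states the same call without the misleading side effect. If `c` is taken from `*pattern` without tolower() in the lines outside the hunk, `if (c == h)` compares a raw pattern character against a lowercased host character, which is worth confirming.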