diff options
| author | Tjerk Meesters <datibbaw@php.net> | 2014-07-29 19:15:01 +0800 |
|---|---|---|
| committer | Tjerk Meesters <datibbaw@php.net> | 2014-07-29 19:15:01 +0800 |
| commit | a7dad26c4bf80b65c1abd51e1695b3895add27f5 (patch) | |
| tree | 1dead1ee707fecd56d850a0a06f82502ced38208 | |
| parent | 9720d92c671f31c80bec57d8ed864b8ac5efa914 (diff) | |
| download | php-git-a7dad26c4bf80b65c1abd51e1695b3895add27f5.tar.gz | |
Wildcards should only be used in the first name component; fixed comment style
| -rw-r--r-- | ext/openssl/xp_ssl.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c index 03a84bf363..ba35c8828a 100644 --- a/ext/openssl/xp_ssl.c +++ b/ext/openssl/xp_ssl.c @@ -274,11 +274,12 @@ static zend_bool matches_wildcard_name(const char *subjectname, const char *cert return 1; } - if (!(wildcard = strchr(certname, '*'))) { + /* wildcard, if present, must only be present in the left-most component */ + if (!(wildcard = strchr(certname, '*')) || memchr(certname, '.', wildcard - certname)) { return 0; } - // 1) prefix, if not empty, must match subject + /* 1) prefix, if not empty, must match subject */ prefix_len = wildcard - certname; if (prefix_len && strncasecmp(subjectname, certname, prefix_len) != 0) { return 0; |