diff options
| author | beck <> | 2015-09-11 13:12:29 +0000 |
|---|---|---|
| committer | beck <> | 2015-09-11 13:12:29 +0000 |
| commit | 0755f8f44bcb35f71c0802526427f7744bc927a9 (patch) | |
| tree | 9fb955221eb10184af7b9aa3ccae52b1f26db63c | |
| parent | 7027db6877e625679678e60219d04cd8a6d81989 (diff) | |
| download | openbsd-0755f8f44bcb35f71c0802526427f7744bc927a9.tar.gz openbsd-0755f8f44bcb35f71c0802526427f7744bc927a9.tar.bz2 openbsd-0755f8f44bcb35f71c0802526427f7744bc927a9.zip | |
Do not match a wildcard against a name with no host part.
ok jsing@
| -rw-r--r-- | src/lib/libtls/tls_verify.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/lib/libtls/tls_verify.c b/src/lib/libtls/tls_verify.c index c6f29c897d..9a0f97eada 100644 --- a/src/lib/libtls/tls_verify.c +++ b/src/lib/libtls/tls_verify.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls_verify.c,v 1.12 2015/09/11 12:56:55 beck Exp $ */ | 1 | /* $OpenBSD: tls_verify.c,v 1.13 2015/09/11 13:12:29 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org> | 3 | * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org> |
| 4 | * | 4 | * |
| @@ -69,6 +69,9 @@ tls_match_name(const char *cert_name, const char *name) | |||
| 69 | 69 | ||
| 70 | domain = strchr(name, '.'); | 70 | domain = strchr(name, '.'); |
| 71 | 71 | ||
| 72 | /* No wildcard match against a name with no host part. */ | ||
| 73 | if (name[0] == '.') | ||
| 74 | return -1; | ||
| 72 | /* No wildcard match against a name with no domain part. */ | 75 | /* No wildcard match against a name with no domain part. */ |
| 73 | if (domain == NULL || strlen(domain) == 1) | 76 | if (domain == NULL || strlen(domain) == 1) |
| 74 | return -1; | 77 | return -1; |