diff options
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_constraints.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/src/lib/libcrypto/x509/x509_constraints.c b/src/lib/libcrypto/x509/x509_constraints.c index 533bbbf4ca..c68f282a05 100644 --- a/src/lib/libcrypto/x509/x509_constraints.c +++ b/src/lib/libcrypto/x509/x509_constraints.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_constraints.c,v 1.26 2022/03/26 16:34:21 tb Exp $ */ | 1 | /* $OpenBSD: x509_constraints.c,v 1.27 2022/06/26 11:29:27 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> |
| 4 | * | 4 | * |
| @@ -489,8 +489,17 @@ x509_constraints_uri_host(uint8_t *uri, size_t len, char **hostpart) | |||
| 489 | break; | 489 | break; |
| 490 | } | 490 | } |
| 491 | } | 491 | } |
| 492 | if (authority == NULL) | 492 | if (authority == NULL) { |
| 493 | return 0; | 493 | /* |
| 494 | * There is no authority, so no host part in this | ||
| 495 | * URI. This might be ok or might not, but it must | ||
| 496 | * fail if we run into a name constraint later, so | ||
| 497 | * we indicate that we have a URI with an empty | ||
| 498 | * host part, and succeed. | ||
| 499 | */ | ||
| 500 | *hostpart = strdup(""); | ||
| 501 | return 1; | ||
| 502 | } | ||
| 494 | for (i = authority - uri; i < len; i++) { | 503 | for (i = authority - uri; i < len; i++) { |
| 495 | if (!isascii(uri[i])) | 504 | if (!isascii(uri[i])) |
| 496 | return 0; | 505 | return 0; |