summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/x509/x509_constraints.c27
1 files changed, 17 insertions, 10 deletions
diff --git a/src/lib/libcrypto/x509/x509_constraints.c b/src/lib/libcrypto/x509/x509_constraints.c
index 6e88a94189..4f24277918 100644
--- a/src/lib/libcrypto/x509/x509_constraints.c
+++ b/src/lib/libcrypto/x509/x509_constraints.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509_constraints.c,v 1.24 2022/03/14 21:15:49 tb Exp $ */ 1/* $OpenBSD: x509_constraints.c,v 1.25 2022/03/14 21:29:46 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2020 Bob Beck <beck@openbsd.org> 3 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
4 * 4 *
@@ -938,17 +938,24 @@ x509_constraints_validate(GENERAL_NAME *constraint,
938 name->type = GEN_DNS; 938 name->type = GEN_DNS;
939 break; 939 break;
940 case GEN_EMAIL: 940 case GEN_EMAIL:
941 if (memchr(bytes, '@', len) != NULL) { 941 if (len > 0 && memchr(bytes + 1, '@', len - 1) != NULL) {
942 if (!x509_constraints_parse_mailbox(bytes, len, name)) 942 if (!x509_constraints_parse_mailbox(bytes, len, name))
943 goto err; 943 goto err;
944 } else { 944 break;
945 if (!x509_constraints_valid_domain_constraint(bytes, 945 }
946 len)) 946 /*
947 goto err; 947 * Mail constraints of the form @domain.com are accepted by
948 if ((name->name = strdup(bytes)) == NULL) { 948 * OpenSSL and Microsoft.
949 error = X509_V_ERR_OUT_OF_MEM; 949 */
950 goto err; 950 if (len > 0 && bytes[0] == '@') {
951 } 951 bytes++;
952 len--;
953 }
954 if (!x509_constraints_valid_domain_constraint(bytes, len))
955 goto err;
956 if ((name->name = strdup(bytes)) == NULL) {
957 error = X509_V_ERR_OUT_OF_MEM;
958 goto err;
952 } 959 }
953 name->type = GEN_EMAIL; 960 name->type = GEN_EMAIL;
954 break; 961 break;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-20 07:43:52 +0000