summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/x509/x509_constraints.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/lib/libcrypto/x509/x509_constraints.c b/src/lib/libcrypto/x509/x509_constraints.c
index 6cea794560..27d87d4c11 100644
--- a/src/lib/libcrypto/x509/x509_constraints.c
+++ b/src/lib/libcrypto/x509/x509_constraints.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509_constraints.c,v 1.22 2022/03/13 16:25:58 tb Exp $ */ 1/* $OpenBSD: x509_constraints.c,v 1.23 2022/03/13 17:23:02 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2020 Bob Beck <beck@openbsd.org> 3 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
4 * 4 *
@@ -636,7 +636,11 @@ int
636x509_constraints_dirname(uint8_t *dirname, size_t dlen, 636x509_constraints_dirname(uint8_t *dirname, size_t dlen,
637 uint8_t *constraint, size_t len) 637 uint8_t *constraint, size_t len)
638{ 638{
639 if (len != dlen) 639 /*
640 * The constraint must be a prefix in DER format, so it can't be
641 * longer than the name it is checked against.
642 */
643 if (len > dlen)
640 return 0; 644 return 0;
641 return (memcmp(constraint, dirname, len) == 0); 645 return (memcmp(constraint, dirname, len) == 0);
642} 646}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-29 13:01:31 +0000