From cf3eec32e7a6acbaecd14871fb75ad34fb76c3e7 Mon Sep 17 00:00:00 2001
From: beck <>
Date: Mon, 13 Apr 2026 17:04:23 +0000
Subject: Prior to this we substring matched and allowed a leading . on a SAN DNSname constraint. This is not correct, as with a DNSname constraint, it may exacly match or match zero or more additional components on the front of the candidte to match. Spotted by Haruto Kimura ok tb@ kenjiro@
---
 src/lib/libcrypto/x509/x509_constraints.c | 27 +++++++++++++++++++++++----
 src/lib/libcrypto/x509/x509_internal.h | 4 +++-
 2 files changed, 26 insertions(+), 5 deletions(-)
(limited to 'src/lib/libcrypto')
diff --git a/src/lib/libcrypto/x509/x509_constraints.c b/src/lib/libcrypto/x509/x509_constraints.c
index 0773d2ba71..c4f32c9cfc 100644
--- a/src/lib/libcrypto/x509/x509_constraints.c
+++ b/src/lib/libcrypto/x509/x509_constraints.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_constraints.c,v 1.32 2023/09/29 15:53:59 beck Exp $ */
+/* $OpenBSD: x509_constraints.c,v 1.33 2026/04/13 17:04:23 beck Exp $ */
 /*
 * Copyright (c) 2020 Bob Beck
 *
@@ -578,11 +578,30 @@ x509_constraints_sandns(char *sandns, size_t dlen, char *constraint, size_t len)
 if (len == 0)
 return 1; /* an empty constraint matches everything */
- /* match the end of the domain */
 if (dlen < len)
 return 0;
- suffix = sandns + (dlen - len);
- return (strncasecmp(suffix, constraint, len) == 0);
+
+ if (dlen == len)
+ return (strncasecmp(sandns, constraint, len) == 0);
+
+ /* Support a constraint with a leading "." */
+ if (constraint[0] == '.') {
+ constraint++;
+ len--;
+ }
+
+ /*
+ * Otherwise we must have at least one extra component
+ * to match, so there must be more than just a leading .
+ */
+ if (dlen - len > 1) {
+ suffix = sandns + (dlen - len);
+ if (suffix[-1] != '.')
+ return 0;
+ return (strncasecmp(suffix, constraint, len) == 0);
+ }
+
+ return 0;
 }
 /*
diff --git a/src/lib/libcrypto/x509/x509_internal.h b/src/lib/libcrypto/x509/x509_internal.h
index 9b9980ece5..e933cd9f2d 100644
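Review bot: After the `len--;` that strips a leading `.`, `len` can reach 0 when the constraint is exactly `.`, and the `dlen - len > 1` branch then only checks that the candidate's last character is a `.` before `strncasecmp(suffix, constraint, 0)` succeeds trivially, so a bare-dot constraint would behave as a near-wildcard. Unless `x509_constraints_valid_domain_constraint` is known to reject a lone `.`, guard it directly after the strip: `if (len == 0) return 0;`. The ordering also deserves a comment above the function (its signature and the `suffix` declaration are outside the hunk): because the equal-length comparison runs before the dot is stripped, `.example.com` intentionally does not match `example.com` itself but does match `host.example.com`. With the prototype now exported in x509_internal.h, that comment is the contract callers will rely on.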
--- a/src/lib/libcrypto/x509/x509_internal.h
+++ b/src/lib/libcrypto/x509/x509_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_internal.h,v 1.28 2024/05/19 07:12:50 jsg Exp $ */
+/* $OpenBSD: x509_internal.h,v 1.29 2026/04/13 17:04:23 beck Exp $ */
 /*
 * Copyright (c) 2020 Bob Beck
 *
@@ -116,6 +116,8 @@ int x509_constraints_valid_host(CBS *cbs, int permit_ip);
 int x509_constraints_valid_sandns(CBS *cbs);
 int x509_constraints_domain(char *domain, size_t dlen, char *constraint,
 size_t len);
+int x509_constraints_sandns(char *domain, size_t dlen, char *constraint,
+ size_t len);
 int x509_constraints_parse_mailbox(CBS *candidate,
 struct x509_constraints_name *name);
 int x509_constraints_valid_domain_constraint(CBS *cbs);
-- cgit v1.2.3-55-g6feb
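Review bot: The new prototype names its first parameter `domain`, while the definition's hunk header in x509_constraints.c shows `char *sandns`; the two should agree so a reader does not have to reconcile them, e.g. `int x509_constraints_sandns(char *sandns, size_t dlen, char *constraint,` with the continuation line unchanged. The `domain` spelling does mirror the neighbouring `x509_constraints_domain` prototype, so if uniformity across the header is the goal, renaming the definition's parameter instead is the alternative.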