From dd6b457d826067c635fb94da6b2872498fab0aca Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Tue, 20 Mar 2018 16:16:59 +0000
Subject: If X509_check_{host,email}() are called with a length of zero, use strlen() to determine the length. This is the documented behaviour and matches the OpenSSL implementation. Issue found by Michael Gmelin . ok tb@
---
 src/lib/libcrypto/x509v3/v3_utl.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
(limited to 'src/lib')
diff --git a/src/lib/libcrypto/x509v3/v3_utl.c b/src/lib/libcrypto/x509v3/v3_utl.c
index 04c789922b..67ecc81a44 100644
--- a/src/lib/libcrypto/x509v3/v3_utl.c
+++ b/src/lib/libcrypto/x509v3/v3_utl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_utl.c,v 1.26 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: v3_utl.c,v 1.27 2018/03/20 16:16:59 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -1015,7 +1015,9 @@ int X509_check_host(X509 *x, const char *chk, size_t chklen,
 {
 if (chk == NULL)
 return -2;
- if (memchr(chk, '\0', chklen))
+ if (chklen == 0)
+ chklen = strlen(chk);
+ else if (memchr(chk, '\0', chklen))
 return -2;
 return do_x509_check(x, chk, chklen, flags, GEN_DNS, peername);
 }
@@ -1025,7 +1027,9 @@ int X509_check_email(X509 *x, const char *chk, size_t chklen,
 {
 if (chk == NULL)
 return -2;
- if (memchr(chk, '\0', chklen))
+ if (chklen == 0)
+ chklen = strlen(chk);
+ else if (memchr(chk, '\0', chklen))
 return -2;
 return do_x509_check(x, chk, chklen, flags, GEN_EMAIL, NULL);
 }
--
cgit v1.2.3-55-g6feb
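Review bot: In X509_check_host, a caller that passes `chklen == 0` now has `strlen(chk)` run on its buffer, so the zero-length case is only safe when chk is NUL-terminated, and nothing at the function says so; the same applies to the identical change in X509_check_email. A comment above the new branch would make the contract visible, e.g. `/* chklen == 0 means chk is a NUL-terminated string; its length is taken with strlen(). */`. An empty string also leaves chklen at 0 and is still handed to do_x509_check(), whose handling of a zero-length name is not visible in this diff and is worth confirming. The second line of each function's signature lies outside the hunks.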