From 0755f8f44bcb35f71c0802526427f7744bc927a9 Mon Sep 17 00:00:00 2001
From: beck <>
Date: Fri, 11 Sep 2015 13:12:29 +0000
Subject: Do not match a wildcard against a name with no host part. ok jsing@
---
 src/lib/libtls/tls_verify.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/lib/libtls/tls_verify.c b/src/lib/libtls/tls_verify.c
index c6f29c897d..9a0f97eada 100644
--- a/src/lib/libtls/tls_verify.c
+++ b/src/lib/libtls/tls_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_verify.c,v 1.12 2015/09/11 12:56:55 beck Exp $ */
+/* $OpenBSD: tls_verify.c,v 1.13 2015/09/11 13:12:29 beck Exp $ */
 /*
 * Copyright (c) 2014 Jeremie Courreges-Anglas
 *
@@ -69,6 +69,9 @@ tls_match_name(const char *cert_name, const char *name)
 domain = strchr(name, '.');
+ /* No wildcard match against a name with no host part. */
+ if (name[0] == '.')
+ return -1;
 /* No wildcard match against a name with no domain part. */
 if (domain == NULL || strlen(domain) == 1)
 return -1;
-- cgit v1.2.3-55-g6feb
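Review bot: The comment on the new `name[0] == '.'` guard in tls_match_name says what is rejected but not why, and the reason is not obvious from the hunk alone. When the first byte of `name` is a dot, `domain = strchr(name, '.')` returns `name` itself, so a name with an empty leftmost label carries its whole text into `domain`; presumably that is then compared with the certificate's wildcard suffix further down, but the function continues outside the hunk. I would expand the comment to something like `/* An empty leftmost label (".example.com") makes domain == name; reject it so it cannot satisfy "*.example.com". */`. The diffstat shows only tls_verify.c changing, so if name-matching regression tests exist, a case for this input would be worth adding next to them.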