ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

crypt32: Update a comment to reflect a fixed vulnerability.

This commit is contained in:
Juan Lang 2009-11-10 10:18:36 -08:00 committed by Alexandre Julliard
parent dc99cee715
commit 7eb33b18da
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
dlls/crypt32/chain.c
View File

@ -2363,11 +2363,10 @@ static BOOL match_dns_to_subject_alt_name(PCERT_EXTENSION ext,
DWORD size;
TRACE_(chain)("%s\n", debugstr_w(server_name));
/* FIXME: This can be spoofed by the embedded NULL vulnerability. The
/* This could be spoofed by the embedded NULL vulnerability, since the
* returned CERT_ALT_NAME_INFO doesn't have a way to indicate the
* encoded length of a name, so a certificate issued to
* winehq.org\0badsite.com will get treated as having been issued to
* winehq.org.
* encoded length of a name. Fortunately CryptDecodeObjectEx fails if
* the encoded form of the name contains a NULL.
*/
if (CryptDecodeObjectEx(X509_ASN_ENCODING, X509_ALTERNATE_NAME,
ext->Value.pbData, ext->Value.cbData,