ReceiveTempSMS/Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

crypt32: Only accept trailing NULLs in a certificate common name.

Browse Source
This commit is contained in:
Juan Lang 2012-01-31 08:59:36 -08:00 committed by Alexandre Julliard
parent 4775c76208
commit ab7f8a160f
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
dlls/crypt32/chain.c
View File

@ -3163,10 +3163,6 @@ static BOOL match_domain_component(LPCWSTR allowed_component, DWORD allowed_len,
*see_wildcard = FALSE; *see_wildcard = FALSE;
/* permit server_len to be one byte short if allowed_component is NULL terminated */
if(allowed_component[allowed_len-1] == 0)
allowed_len--;
if (server_len < allowed_len) if (server_len < allowed_len)
{ {
WARN_(chain)("domain component %s too short for %s\n", WARN_(chain)("domain component %s too short for %s\n",
@ -3226,6 +3222,13 @@ static BOOL match_common_name(LPCWSTR server_name, const CERT_RDN_ATTR *nameAttr
TRACE_(chain)("CN = %s\n", debugstr_wn(allowed_component, allowed_len)); TRACE_(chain)("CN = %s\n", debugstr_wn(allowed_component, allowed_len));
/* Remove trailing NULLs from the allowed name; while they shouldn't appear
* in a certificate in the first place, they sometimes do, and they should
* be ignored.
*/
while (allowed_len && allowed_component[allowed_len - 1] == 0)
allowed_len--;
/* From RFC 2818 (HTTP over TLS), section 3.1: /* From RFC 2818 (HTTP over TLS), section 3.1:
* "Names may contain the wildcard character * which is considered to match * "Names may contain the wildcard character * which is considered to match
* any single domain name component or component fragment. E.g., * any single domain name component or component fragment. E.g.,