author | Rich Salz <rsalz@openssl.org> | 2015-01-12 18:39:00 +0100 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2015-01-12 18:39:00 +0100 |
commit | 31d1d3741f16bd80ec25f72dcdbf6bbdc5664374 (patch) | |
tree | ac4872030b826f9ae61dafb2273b8e96b3f6babd /crypto | |
parent | RT3548: Remove some unsupported platforms. (diff) | |
Allow multiple IDN xn-- indicators
Update the X509v3 name parsing to allow multiple xn-- international
domain name indicators in a name. Previously, only one was allowed, at
the beginning of a name, which was wrong.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/x509v3/v3_utl.c | 35 |
1 files changed, 8 insertions, 27 deletions
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index 10a7aa876a..c9a6e79838 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -752,7 +752,7 @@ static const unsigned char *valid_star(const unsigned char *p, size_t len,
 {
 int atstart = (state & LABEL_START);
 int atend = (i == len - 1 || p[i+i] == '.');
- /*
+ /*-
 * At most one wildcard per pattern.
 * No wildcards in IDNA labels.
 * No wildcards after the first label.
@@ -769,45 +769,26 @@ static const unsigned char *valid_star(const unsigned char *p, size_t len,
 star = &p[i];
 state &= ~LABEL_START;
 }
- else if ((state & LABEL_START) != 0)
- {
- /*
- * At the start of a label, skip any "xn--" and
- * remain in the LABEL_START state, but set the
- * IDNA label state
- */
- if ((state & LABEL_IDNA) == 0 && len - i >= 4
- && strncasecmp((char *)&p[i], "xn--", 4) == 0)
- {
- i += 3;
- state |= LABEL_IDNA;
- continue;
- }
- /* Labels must start with a letter or digit */
- state &= ~LABEL_START;
- if (('a' <= p[i] && p[i] <= 'z')
- || ('A' <= p[i] && p[i] <= 'Z')
- || ('0' <= p[i] && p[i] <= '9'))
- continue;
- return NULL;
- }
 else if (('a' <= p[i] && p[i] <= 'z')
 || ('A' <= p[i] && p[i] <= 'Z')
 || ('0' <= p[i] && p[i] <= '9'))
 {
- state &= LABEL_IDNA;
- continue;
+ if ((state & LABEL_START) != 0
+ && len - i >= 4
+ && strncasecmp((char *)&p[i], "xn--", 4) == 0)
+ state |= LABEL_IDNA;
+ state &= ~(LABEL_HYPHEN|LABEL_START);
 }
 else if (p[i] == '.')
 {
- if (state & (LABEL_HYPHEN | LABEL_START))
+ if ((state & (LABEL_HYPHEN | LABEL_START)) != 0)
 return NULL;
 state = LABEL_START;
 ++dots;
 }
 else if (p[i] == '-')
 {
- if (state & LABEL_HYPHEN)
+ if ((state & LABEL_HYPHEN) != 0)
 return NULL;
 state |= LABEL_HYPHEN;
 } |
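Review bot: With the `i += 3` skip removed, both hyphens of an `xn--` prefix now reach the `p[i] == '-'` branch at the end of the second hunk, where the second one hits `if ((state & LABEL_HYPHEN) != 0) return NULL;`, so from the visible lines any pattern containing an IDNA label looks to be rejected outright instead of only having wildcards refused inside that label. The same branch also accepts a hyphen while `LABEL_START` is still set, which drops the "Labels must start with a letter or digit" rule the removed block enforced; testing the label start instead, `if ((state & LABEL_START) != 0) return NULL;`, would let `xn--` through and still leave a trailing hyphen to the `LABEL_HYPHEN` check in the `'.'` branch. Separately, the context line `int atend = (i == len - 1 || p[i+i] == '.');` in the first hunk indexes `p[i+i]`, which looks like a typo for `p[i+1]` and may read past `len` bytes of a certificate-supplied name once `i` is beyond the midpoint. The loop header and the remainder of valid_star lie outside both hunks, so a regression test with a wildcard pattern that has an IDNA label would be worth adding to confirm the behaviour.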