Página inicial Explorar Ajuda
Registrar Entrar
hebinlong
/
aria2
1
0
Fork 0
Arquivos Issues 0 Pull Requests 0 Wiki
Ver código fonte

Remove trailing "." from SAN and CN

Tatsuhiro Tsujikawa 9 anos atrás
pai
3bb2946437
commit
aab2472390
2 arquivos alterados com 39 adições e 1 exclusões
Visão dividida Mostrar estatísticas do Diff
  1. 19 1
      src/LibgnutlsTLSSession.cc
  2. 20 0
      src/LibsslTLSSession.cc

+ 19 - 1
src/LibgnutlsTLSSession.cc
Ver arquivo 

@@ -313,6 +313,17 @@ int GnuTLSSession::tlsConnect(const std::string& hostname, TLSVersion& version,
 
       ret = gnutls_x509_crt_get_subject_alt_name(cert, i, altName, &altNameLen,
 
                                                  nullptr);
 
       if (ret == GNUTLS_SAN_DNSNAME) {
 
+        if (altNameLen == 0) {
 
+          continue;
 
+        }
 
+
 
+        if (altName[altNameLen - 1] == '.') {
 
+          --altNameLen;
 
+          if (altNameLen == 0) {
 
+            continue;
 
+          }
 
+        }
 
+
 
         dnsNames.push_back(std::string(altName, altNameLen));
 
       }
 
       else if (ret == GNUTLS_SAN_IPADDRESS) {
 
@@ -323,7 +334,14 @@ int GnuTLSSession::tlsConnect(const std::string& hostname, TLSVersion& version,
 
     ret = gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME, 0, 0,
 
                                         altName, &altNameLen);
 
     if (ret == 0) {
 
-      commonName.assign(altName, altNameLen);
 
+      if (altNameLen > 0) {
 
+        if (altName[altNameLen - 1] == '.') {
 
+          --altNameLen;
 
+          if (altNameLen > 0) {
 
+            commonName.assign(altName, altNameLen);
 
+          }
 
+        }
 
+      }
 
     }
 
     if (!net::verifyHostname(hostname, dnsNames, ipAddrs, commonName)) {
 
       handshakeErr = "hostname does not match";

+ 20 - 0
src/LibsslTLSSession.cc
Ver arquivo 

@@ -259,6 +259,15 @@ int OpenSSLTLSSession::tlsConnect(const std::string& hostname,
 
             continue;
 
           }
 
           size_t len = ASN1_STRING_length(altName->d.ia5);
 
+          if (len == 0) {
 
+            continue;
 
+          }
 
+          if (name[len - 1] == '.') {
 
+            --len;
 
+            if (len == 0) {
 
+              continue;
 
+            }
 
+          }
 
           dnsNames.push_back(std::string(name, len));
 
         }
 
         else if (altName->type == GEN_IPADD) {
 
@@ -290,6 +299,17 @@ int OpenSSLTLSSession::tlsConnect(const std::string& hostname,
 
       if (outlen < 0) {
 
         continue;
 
       }
 
+      if (outlen == 0) {
 
+        OPENSSL_free(out);
 
+        continue;
 
+      }
 
+      if (out[outlen - 1] == '.') {
 
+        --outlen;
 
+        if (outlen == 0) {
 
+          OPENSSL_free(out);
 
+          continue;
 
+        }
 
+      }
 
       commonName.assign(&out[0], &out[outlen]);
 
       OPENSSL_free(out);
 
       break;