Attachment #201459 for bug #281515

View | Details | Raw Unified | Return to bug 281515
Collapse All | Expand All




      if(check->type == target) {
        /* get data and length */
        const char *altptr = (char *)ASN1_STRING_data(check->d.ia5);
        size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);


        switch(target) {
        case GEN_DNS: /* name/pattern comparison */

             "I checked the 0.9.6 and 0.9.8 sources before my patch and
             it always 0-terminates an IA5String."
          */
          if((altlen == strlen(altptr)) &&
             /* if this isn't true, there was an embedded zero in the name
                string and we cannot match it. */
             cert_hostcheck(altptr, conn->host.name))
            matched = TRUE;
          break;

        case GEN_IPADD: /* IP address comparison */
          /* compare alternative IP address if the data chunk is the same size
             our server IP address is */
          altlen = (size_t) ASN1_STRING_length(check->d.ia5);
          if((altlen == addrlen) && !memcmp(altptr, &addr, altlen))
            matched = TRUE;
          break;

         string manually to avoid the problem. This code can be made
         conditional in the future when OpenSSL has been fixed. Work-around
         brought by Alexis S. L. Carvalho. */
      if(tmp) {
        if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
          j = ASN1_STRING_length(tmp);
          if(j >= 0) {
            peer_CN = OPENSSL_malloc(j+1);
            if(peer_CN) {
              memcpy(peer_CN, ASN1_STRING_data(tmp), j);
              peer_CN[j] = '\0';
            }
          }
        }
        else /* not a UTF8 name */
          j = ASN1_STRING_to_UTF8(&peer_CN, tmp);

        if(peer_CN && ((int)strlen((char *)peer_CN) != j)) {
          /* there was a terminating zero before the end of string, this
             cannot match and we return failure! */
          failf(data, "SSL: illegal cert name field");
          res = CURLE_PEER_FAILED_VERIFICATION;
        }
      }
      else /* not a UTF8 name */
        j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
    }

    if(peer_CN == nulstr)

    }
#endif /* CURL_DOES_CONVERSIONS */

    if(res)
      /* error already detected, pass through */
      ;
    else if(!peer_CN) {
      failf(data,
            "SSL: unable to obtain common name from peer certificate");
      return CURLE_PEER_FAILED_VERIFICATION;

Return to bug 281515

Lines 1092-1098 Link Here

(-)lib/ssluse.c-7.19.5 (-13 / +28 lines)
1092	if(check->type == target) {	1092	if(check->type == target) {
1093	/* get data and length */	1093	/* get data and length */
1094	const char altptr = (char )ASN1_STRING_data(check->d.ia5);	1094	const char altptr = (char )ASN1_STRING_data(check->d.ia5);
1095	size_t altlen;	1095	size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);
		1096
1096		1097
1097	switch(target) {	1098	switch(target) {
1098	case GEN_DNS: /* name/pattern comparison */	1099	case GEN_DNS: /* name/pattern comparison */
Lines 1106-1119 Link Here
1106	"I checked the 0.9.6 and 0.9.8 sources before my patch and	1107	"I checked the 0.9.6 and 0.9.8 sources before my patch and
1107	it always 0-terminates an IA5String."	1108	it always 0-terminates an IA5String."
1108	*/	1109	*/
1109	if(cert_hostcheck(altptr, conn->host.name))	1110	if((altlen == strlen(altptr)) &&
		1111	/* if this isn't true, there was an embedded zero in the name
		1112	string and we cannot match it. */
		1113	cert_hostcheck(altptr, conn->host.name))
1110	matched = TRUE;	1114	matched = TRUE;
1111	break;	1115	break;
1112		1116
1113	case GEN_IPADD: /* IP address comparison */	1117	case GEN_IPADD: /* IP address comparison */
1114	/* compare alternative IP address if the data chunk is the same size	1118	/* compare alternative IP address if the data chunk is the same size
1115	our server IP address is */	1119	our server IP address is */
1116	altlen = (size_t) ASN1_STRING_length(check->d.ia5);
1117	if((altlen == addrlen) && !memcmp(altptr, &addr, altlen))	1120	if((altlen == addrlen) && !memcmp(altptr, &addr, altlen))
1118	matched = TRUE;	1121	matched = TRUE;
1119	break;	1122	break;
Lines 1153-1170 Link Here
1153	string manually to avoid the problem. This code can be made	1156	string manually to avoid the problem. This code can be made
1154	conditional in the future when OpenSSL has been fixed. Work-around	1157	conditional in the future when OpenSSL has been fixed. Work-around
1155	brought by Alexis S. L. Carvalho. */	1158	brought by Alexis S. L. Carvalho. */
1156	if(tmp && ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {	1159	if(tmp) {
1157	j = ASN1_STRING_length(tmp);	1160	if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
1158	if(j >= 0) {	1161	j = ASN1_STRING_length(tmp);
1159	peer_CN = OPENSSL_malloc(j+1);	1162	if(j >= 0) {
1160	if(peer_CN) {	1163	peer_CN = OPENSSL_malloc(j+1);
1161	memcpy(peer_CN, ASN1_STRING_data(tmp), j);	1164	if(peer_CN) {
1162	peer_CN[j] = '\0';	1165	memcpy(peer_CN, ASN1_STRING_data(tmp), j);
		1166	peer_CN[j] = '\0';
		1167	}
1163	}	1168	}
1164	}	1169	}
		1170	else /* not a UTF8 name */
		1171	j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
		1172
		1173	if(peer_CN && ((int)strlen((char *)peer_CN) != j)) {
		1174	/* there was a terminating zero before the end of string, this
		1175	cannot match and we return failure! */
		1176	failf(data, "SSL: illegal cert name field");
		1177	res = CURLE_PEER_FAILED_VERIFICATION;
		1178	}
1165	}	1179	}
1166	else /* not a UTF8 name */
1167	j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
1168	}	1180	}
1169		1181
1170	if(peer_CN == nulstr)	1182	if(peer_CN == nulstr)
Lines 1182-1188 Link Here
1182	}	1194	}
1183	#endif /* CURL_DOES_CONVERSIONS */	1195	#endif /* CURL_DOES_CONVERSIONS */
1184		1196
1185	if(!peer_CN) {	1197	if(res)
		1198	/* error already detected, pass through */
		1199	;
		1200	else if(!peer_CN) {
1186	failf(data,	1201	failf(data,
1187	"SSL: unable to obtain common name from peer certificate");	1202	"SSL: unable to obtain common name from peer certificate");
1188	return CURLE_PEER_FAILED_VERIFICATION;	1203	return CURLE_PEER_FAILED_VERIFICATION;