generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Allow multiple IDN xn-- indicators

Browse Source 
Update the X509v3 name parsing to allow multiple xn-- international
domain name indicators in a name.  Previously, only allowed one at
the beginning of a name, which was wrong.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
This commit is contained in:
Rich Salz 2015-01-12 12:39:00 -05:00
parent fcf64ba0ac
commit 31d1d3741f
1 changed files with 8 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
crypto/x509v3/v3_utl.c
View File

@ -752,7 +752,7 @@ static const unsigned char *valid_star(const unsigned char *p, size_t len,
{ {
int atstart = (state & LABEL_START); int atstart = (state & LABEL_START);
int atend = (i == len - 1 || p[i+i] == '.'); int atend = (i == len - 1 || p[i+i] == '.');
/* /*-
* At most one wildcard per pattern. * At most one wildcard per pattern.
* No wildcards in IDNA labels. * No wildcards in IDNA labels.
* No wildcards after the first label. * No wildcards after the first label.
@ -769,45 +769,26 @@ static const unsigned char *valid_star(const unsigned char *p, size_t len,
star = &p[i]; star = &p[i];
state &= ~LABEL_START; state &= ~LABEL_START;
} }
else if ((state & LABEL_START) != 0)
{
/*
* At the start of a label, skip any "xn--" and
* remain in the LABEL_START state, but set the
* IDNA label state
*/
if ((state & LABEL_IDNA) == 0 && len - i >= 4
&& strncasecmp((char *)&p[i], "xn--", 4) == 0)
{
i += 3;
state |= LABEL_IDNA;
continue;
}
/* Labels must start with a letter or digit */
state &= ~LABEL_START;
if (('a' <= p[i] && p[i] <= 'z')
|| ('A' <= p[i] && p[i] <= 'Z')
|| ('0' <= p[i] && p[i] <= '9'))
continue;
return NULL;
}
else if (('a' <= p[i] && p[i] <= 'z') else if (('a' <= p[i] && p[i] <= 'z')
|| ('A' <= p[i] && p[i] <= 'Z') || ('A' <= p[i] && p[i] <= 'Z')
|| ('0' <= p[i] && p[i] <= '9')) || ('0' <= p[i] && p[i] <= '9'))
{ {
state &= LABEL_IDNA; if ((state & LABEL_START) != 0
continue; && len - i >= 4
&& strncasecmp((char *)&p[i], "xn--", 4) == 0)
state |= LABEL_IDNA;
state &= ~(LABEL_HYPHEN|LABEL_START);
} }
else if (p[i] == '.') else if (p[i] == '.')
{ {
if (state & (LABEL_HYPHEN | LABEL_START)) if ((state & (LABEL_HYPHEN | LABEL_START)) != 0)
return NULL; return NULL;
state = LABEL_START; state = LABEL_START;
++dots; ++dots;
} }
else if (p[i] == '-') else if (p[i] == '-')
{ {
if (state & LABEL_HYPHEN) if ((state & LABEL_HYPHEN) != 0)
return NULL; return NULL;
state |= LABEL_HYPHEN; state |= LABEL_HYPHEN;
} }