Welcome! Log In Create A New Profile

[nginx] SSL: explicit handling of empty names.

Forum List Message List New Topic Print View

Maxim Dounin

April 23, 2014 12:34PM

details: http://hg.nginx.org/nginx/rev/cac82b9b3499
branches:
changeset: 5669:cac82b9b3499
user: Maxim Dounin <mdounin@mdounin.ru>
date: Wed Apr 23 20:31:31 2014 +0400
description:
SSL: explicit handling of empty names.

X509_check_host() can't handle non null-terminated names with zero length,
so make sure to fail before calling it.

diffstat:

src/event/ngx_event_openssl.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)

diffs (14 lines):

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -2504,6 +2504,10 @@ ngx_ssl_check_host(ngx_connection_t *c,

/* X509_check_host() is only available in OpenSSL 1.0.2+ */

+ if (name->len == 0) {
+ goto failed;
+ }
+
if (X509_check_host(cert, name->data, name->len, 0) != 1) {
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
"X509_check_host(): no match");

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
[nginx] SSL: explicit handling of empty names.	Maxim Dounin	727	April 23, 2014 12:34PM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 295

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018