author | Tim Rühsen <tim.ruehsen@gmx.de> | 2018-07-19 12:50:13 +0200 |
---|---|---|
committer | Tim Rühsen <tim.ruehsen@gmx.de> | 2018-07-22 12:44:25 +0200 |
commit | a2b502ffc3bb569bac470f5924ee8bc9627d23cc (patch) | |
tree | df79972121ff8728d7579d57ebfe411b7c5c4f4d | |
parent | 3c051065dae8f0b2244ff987acc57ca3405ccc5b (diff) | |
download | gnutls-a2b502ffc3bb569bac470f5924ee8bc9627d23cc.tar.gz |
Remove trailing dot from hostname input
Fixes #532
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
-rw-r--r-- | src/cli.c | 11 | ||||
-rw-r--r-- | src/socket.c | 21 | ||||
-rwxr-xr-x | tests/sni-hostname.sh | 3 |
3 files changed, 23 insertions, 12 deletions
@@ -331,9 +331,10 @@ static int cert_verify_callback(gnutls_session_t session)
 ssh = strictssh;
 }
 
- if (HAVE_OPT(VERIFY_HOSTNAME))
+ if (HAVE_OPT(VERIFY_HOSTNAME)) {
 host = OPT_ARG(VERIFY_HOSTNAME);
- else
+ canonicalize_host((char *) host, NULL, 0);
+ } else
 host = hostname;
 
 /* Save certificate and OCSP response */
@@ -603,8 +604,10 @@ gnutls_session_t init_tls_session(const char *host)
 */
 if (disable_extensions == 0 && disable_sni == 0) {
 if (HAVE_OPT(SNI_HOSTNAME)) {
- gnutls_server_name_set(session, GNUTLS_NAME_DNS,
- OPT_ARG(SNI_HOSTNAME), strlen(OPT_ARG(SNI_HOSTNAME)));
+ const char *sni_host = OPT_ARG(SNI_HOSTNAME);
+
+ canonicalize_host((char *) sni_host, NULL, 0);
+ gnutls_server_name_set(session, GNUTLS_NAME_DNS, sni_host, strlen(sni_host));
 } else if (host != NULL && is_ip(host) == 0)
 gnutls_server_name_set(session, GNUTLS_NAME_DNS, host, strlen(host));
 
diff --git a/src/socket.c b/src/socket.c
index 253607e5a8..eacff01b42 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -401,17 +401,22 @@ void socket_bye(socket_st * socket, unsigned polite)
 void canonicalize_host(char *hostname, char *service, unsigned service_size)
 {
 char *p;
- unsigned char buf[64];
 
- p = strchr(hostname, ':');
- if (p == NULL)
- return;
+ if ((p = strchr(hostname, ':'))) {
+ unsigned char buf[64];
 
- if (inet_pton(AF_INET6, hostname, buf) == 1)
- return;
+ if (inet_pton(AF_INET6, hostname, buf) == 1)
+ return;
+
+ *p = 0;
+
+ if (service && service_size)
+ snprintf(service, service_size, "%s", p+1);
+ } else
+ p = hostname + strlen(hostname);
 
- *p = 0;
- snprintf(service, service_size, "%s", p+1);
+ if (p > hostname && p[-1] == '.')
+ p[-1] = 0; // remove trailing dot on FQDN
 }
 
 static ssize_t
diff --git a/tests/sni-hostname.sh b/tests/sni-hostname.sh
index afc2a0099b..4c5f8d2a94 100755
--- a/tests/sni-hostname.sh
+++ b/tests/sni-hostname.sh
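Review bot: The new `canonicalize_host((char *) host, NULL, 0);` writes into the string returned by `OPT_ARG(VERIFY_HOSTNAME)` after casting away its const, and the init_tls_session hunk below does the same with `OPT_ARG(SNI_HOSTNAME)`. Whether that storage may be modified depends on where autoopts keeps the option value (an argv element is writable in practice, a compiled-in default or string literal would not be), so the in-place edit is fragile, and it also silently drops the port part of a `host:port` argument because `service` is passed as NULL. Copying the option into a local buffer sized for a hostname before canonicalizing keeps the option value intact: declare `char vhost[256];` and then `snprintf(vhost, sizeof vhost, "%s", OPT_ARG(VERIFY_HOSTNAME)); canonicalize_host(vhost, NULL, 0); host = vhost;` (a static buffer if `host` has to outlive the callback). cert_verify_callback starts before and continues after this hunk, so the lifetime of `host` is not visible here.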
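Review bot: After `canonicalize_host((char *) sni_host, NULL, 0);` the name can be empty — a `--sni-hostname` value of `.` loses its only character, and a `host:port` value is cut at the colon — yet `gnutls_server_name_set(session, GNUTLS_NAME_DNS, sni_host, strlen(sni_host));` is still issued unconditionally and its return value is discarded, so a malformed option is neither rejected nor reported. Guarding the call with `if (*sni_host != 0)` and logging a non-zero return would surface the problem instead of presumably sending an SNI the user did not intend. init_tls_session continues outside this hunk.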
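Review bot: canonicalize_host now has callers in src/cli.c and edits its argument in three distinct ways, but carries no contract comment; a header comment should state that `hostname` is modified in place, that a `:service` suffix is split off unless the whole string parses as an IPv6 literal, that `service` may be NULL, and that exactly one trailing dot is removed. The new check `if (p > hostname && p[-1] == '.')` also reduces a hostname consisting solely of `.` to an empty string, which callers then pass on to strlen()-based APIs; if the root name should survive, `if (p - hostname > 1 && p[-1] == '.')` keeps it. Minor: `unsigned char buf[64];` would read more clearly as `struct in6_addr buf;`, the size inet_pton(AF_INET6, ...) actually writes.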
@@ -74,6 +74,9 @@ ${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 ${NOOPTS} --priority "NORMAL" --x509
 ${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --sni-hostname example.com --priority "NORMAL" --x509cafile ${CA1} </dev/null >/dev/null && \
 fail ${PID} "5. handshake should have failed!"
 
+${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --sni-hostname example.com. --verify-hostname example.com. --priority "NORMAL" --x509cafile ${CA1} </dev/null >/dev/null || \
+ fail ${PID} "6. handshake should have succeeded!"
+
 kill ${PID}
 wait |