diff options
author | Tjerk Meesters <datibbaw@php.net> | 2014-07-29 19:15:20 +0800 |
---|---|---|
committer | Tjerk Meesters <datibbaw@php.net> | 2014-07-29 19:15:20 +0800 |
commit | 0120a9ca4b8349f7484b274d235f1d03572196f3 (patch) | |
tree | ec2c6cb6c26f46b356684a1d1eff618b301a4ef7 | |
parent | e7df0af6bd521f207f06e4a1b1f6d2e91f9e0e4e (diff) | |
parent | a7dad26c4bf80b65c1abd51e1695b3895add27f5 (diff) | |
download | php-git-0120a9ca4b8349f7484b274d235f1d03572196f3.tar.gz |
Merge branch 'PHP-5.6'
* PHP-5.6:
Wildcards should only be used in the first name component; fixed comment style
-rw-r--r-- | ext/openssl/xp_ssl.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c index 0b4e3d5c21..73f43c9205 100644 --- a/ext/openssl/xp_ssl.c +++ b/ext/openssl/xp_ssl.c @@ -276,11 +276,12 @@ static zend_bool matches_wildcard_name(const char *subjectname, const char *cert return 1; } - if (!(wildcard = strchr(certname, '*'))) { + /* wildcard, if present, must only be present in the left-most component */ + if (!(wildcard = strchr(certname, '*')) || memchr(certname, '.', wildcard - certname)) { return 0; } - // 1) prefix, if not empty, must match subject + /* 1) prefix, if not empty, must match subject */ prefix_len = wildcard - certname; if (prefix_len && strncasecmp(subjectname, certname, prefix_len) != 0) { return 0; |