Merge branch 'PHP-5.6'

* PHP-5.6: Wildcards should only be used in the first name component; fixed comment style
author: Tjerk Meesters <datibbaw@php.net> 2014-07-29 19:15:20 +0800
committer: Tjerk Meesters <datibbaw@php.net> 2014-07-29 19:15:20 +0800
commit: 0120a9ca4b8349f7484b274d235f1d03572196f3 (patch)
tree: ec2c6cb6c26f46b356684a1d1eff618b301a4ef7
parent: e7df0af6bd521f207f06e4a1b1f6d2e91f9e0e4e (diff)
parent: a7dad26c4bf80b65c1abd51e1695b3895add27f5 (diff)
download: php-git-0120a9ca4b8349f7484b274d235f1d03572196f3.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index 0b4e3d5c21..73f43c9205 100644
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -276,11 +276,12 @@ static zend_bool matches_wildcard_name(const char *subjectname, const char *cert
 		return 1;
 	}
 
-	if (!(wildcard = strchr(certname, '*'))) {
+	/* wildcard, if present, must only be present in the left-most component */
+	if (!(wildcard = strchr(certname, '*')) || memchr(certname, '.', wildcard - certname)) {
 		return 0;
 	}
 
-	// 1) prefix, if not empty, must match subject
+	/* 1) prefix, if not empty, must match subject */
 	prefix_len = wildcard - certname;
 	if (prefix_len && strncasecmp(subjectname, certname, prefix_len) != 0) {
 		return 0;
author	Tjerk Meesters <datibbaw@php.net>	2014-07-29 19:15:20 +0800
committer	Tjerk Meesters <datibbaw@php.net>	2014-07-29 19:15:20 +0800
commit	0120a9ca4b8349f7484b274d235f1d03572196f3 (patch)
tree	ec2c6cb6c26f46b356684a1d1eff618b301a4ef7
parent	e7df0af6bd521f207f06e4a1b1f6d2e91f9e0e4e (diff)
parent	a7dad26c4bf80b65c1abd51e1695b3895add27f5 (diff)
download	php-git-0120a9ca4b8349f7484b274d235f1d03572196f3.tar.gz