| -rw-r--r-- | TSRM/TSRM.dsp | 4 | ||||
| -rw-r--r-- | Zend/Zend.dsp | 8 | ||||
| -rw-r--r-- | ext/openssl/openssl.c | 25 |
3 files changed, 22 insertions, 15 deletions
diff --git a/TSRM/TSRM.dsp b/TSRM/TSRM.dsp
index 6c3e8bfb8b..8604bc0da8 100644
--- a/TSRM/TSRM.dsp
+++ b/TSRM/TSRM.dsp
@@ -171,10 +171,6 @@ SOURCE=.\tsrm_strtok_r.h
 # End Source File
 # Begin Source File
-SOURCE=.\tsrm_virtual_cwd.h
-# End Source File
-# Begin Source File
-
 SOURCE=.\tsrm_win32.h
 # End Source File
 # End Group
diff --git a/Zend/Zend.dsp b/Zend/Zend.dsp
index 348e1abaa5..98d368fb16 100644
--- a/Zend/Zend.dsp
+++ b/Zend/Zend.dsp
@@ -269,6 +269,10 @@ SOURCE=.\zend_variables.c
 SOURCE=.\zend_vm_opcodes.c
# End Source File
+# Begin Source File
+
+SOURCE=.\zend_virtual_cwd.c
+# End Source File
# End Group
# Begin Group "Header Files"
@@ -437,10 +441,6 @@ SOURCE=.\zend_ts_hash.h
 SOURCE=.\zend_variables.h
# End Source File
-# Begin Source File
-
-SOURCE=.\zend_virtual_cwd.c
-# End Source File
# End Group
# Begin Group "Parsers"
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index fd4b22076a..b38dd6d206 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -4999,9 +4999,9 @@ static zend_bool matches_wildcard_name(const char *subjectname, const char *cert
 return 0;
 }
-static zend_bool matches_san_list(X509 *peer, const char *subject_name)
+static zend_bool matches_san_list(X509 *peer, const char *subject_name TSRMLS_DC)
 {
-int i;
+int i, san_name_len;
 zend_bool is_match = 0;
 unsigned char *cert_name;
@@ -5010,13 +5010,23 @@ static zend_bool matches_san_list(X509 *peer, const char *subject_name)
 for (i = 0; i < alt_name_count; i++) {
 GENERAL_NAME *san = sk_GENERAL_NAME_value(alt_names, i);
+if (san->type != GEN_DNS) {
+/* we only care about DNS names */
+continue;
+}
+
+san_name_len = ASN1_STRING_length(san->d.dNSName);
+ASN1_STRING_to_UTF8(&cert_name, san->d.dNSName);
-if (GEN_DNS == san->type) {
-ASN1_STRING_to_UTF8(&cert_name, san->d.dNSName);
-is_match = matches_wildcard_name(subject_name, (char *) cert_name);
-OPENSSL_free(cert_name);
+/* prevent null byte poisoning */
+if (san_name_len != strlen(cert_name)) {
+php_error_docref(NULL TSRMLS_CC, E_WARNING, "Peer SAN entry is malformed");
+} else {
+is_match = strcasecmp(subject_name, cert_name) == 0;
 }
+OPENSSL_free(cert_name);
+
 if (is_match) {
 break;
 }
@@ -5096,7 +5106,7 @@ int php_openssl_apply_verification_policy(SSL *ssl, X509 *peer, php_stream *stre
 GET_VER_OPT_STRING("CN_match", cnmatch);
 if (cnmatch) {
-if (matches_san_list(peer, cnmatch)) {
+if (matches_san_list(peer, cnmatch TSRMLS_CC)) {
 return SUCCESS;
 } else if (matches_common_name(peer, cnmatch TSRMLS_CC)) {
 return SUCCESS;
@@ -5655,3 +5665,4 @@ PHP_FUNCTION(openssl_random_pseudo_bytes)
 * vim600: sw=4 ts=4 fdm=marker
 * vim<600: sw=4 ts=4
 */
+
|
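Review bot: In the second openssl.c hunk, `ASN1_STRING_to_UTF8(&cert_name, san->d.dNSName);` is still called without checking its result, and the new code now reads through `cert_name` twice (`strlen(cert_name)` and `OPENSSL_free(cert_name)`); as far as I recall OpenSSL returns a negative value on a failed conversion without assigning the output pointer, and `cert_name` is declared without an initializer in the first hunk, so a malformed SAN would make the length check dereference and then free an indeterminate pointer, which is the opposite of what the null-byte guard is trying to achieve. Test the return value and skip the entry before touching `cert_name`, as below, reusing the existing warning text. Two smaller points in the same lines: `san_name_len` is an `int` compared against the `size_t` from `strlen`, and `cert_name` is `unsigned char *` while `strlen` and `strcasecmp` take `char *`, so the `(char *)` cast that the removed `matches_wildcard_name` call carried should come back to keep the build warning-free. The tail of matches_san_list (its cleanup and return) lies outside the hunk.
```c
san_name_len = ASN1_STRING_length(san->d.dNSName);
if (ASN1_STRING_to_UTF8(&cert_name, san->d.dNSName) < 0) {
	/* nothing was allocated: cert_name must be neither read nor freed */
	php_error_docref(NULL TSRMLS_CC, E_WARNING, "Peer SAN entry is malformed");
	continue;
}

/* prevent null byte poisoning */
if (san_name_len != (int) strlen((const char *) cert_name)) {
	php_error_docref(NULL TSRMLS_CC, E_WARNING, "Peer SAN entry is malformed");
} else {
	is_match = strcasecmp(subject_name, (const char *) cert_name) == 0;
}
/* … unchanged: OPENSSL_free(cert_name) and the is_match break … */
```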
