[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Mon Jan 12 17:40:20 UTC 2015


The branch master has been updated
       via  31d1d3741f16bd80ec25f72dcdbf6bbdc5664374 (commit)
      from  fcf64ba0ace1bb76c6e00ca7d0c7cf7f9bebe628 (commit)


- Log -----------------------------------------------------------------
commit 31d1d3741f16bd80ec25f72dcdbf6bbdc5664374
Author: Rich Salz <rsalz at openssl.org>
Date:   Mon Jan 12 12:39:00 2015 -0500

    Allow multiple IDN xn-- indicators
    
    Update the X509v3 name parsing to allow multiple xn-- international
    domain name indicators in a name.  Previously, only one was allowed,
    at the beginning of a name, which was wrong.
    
    Reviewed-by: Viktor Dukhovni <viktor at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/x509v3/v3_utl.c |   35 ++++++++---------------------------
 1 file changed, 8 insertions(+), 27 deletions(-)

diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index 10a7aa8..c9a6e79 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -752,7 +752,7 @@ static const unsigned char *valid_star(const unsigned char *p, size_t len,
 			{
 			int atstart = (state & LABEL_START);
 			int atend = (i == len - 1 || p[i+i] == '.');
-			/*
+			/*-
 			 * At most one wildcard per pattern.
 			 * No wildcards in IDNA labels.
 			 * No wildcards after the first label.
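Review bot: The context line `int atend = (i == len - 1 || p[i+i] == '.');` indexes `p[i+i]`, which looks like a typo for `p[i+1]`; this commit only changes the comment marker below it and leaves the expression untouched. As written, the test reads offset 2*i instead of the byte after the wildcard, so a `*` in the second half of the pattern reads past `len`, and a `*` anywhere else checks the wrong byte, which presumably skews the label-end decision. I would change it to `int atend = (i == len - 1 || p[i + 1] == '.');`. valid_star's body starts and ends outside this hunk.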
@@ -769,45 +769,26 @@ static const unsigned char *valid_star(const unsigned char *p, size_t len,
 			star = &p[i];
 			state &= ~LABEL_START;
 			}
-		else if ((state & LABEL_START) != 0)
-			{
-			/*
-			 * At the start of a label, skip any "xn--" and
-			 * remain in the LABEL_START state, but set the
-			 * IDNA label state
-			 */
-			if ((state & LABEL_IDNA) == 0 && len - i >= 4
-			    && strncasecmp((char *)&p[i], "xn--", 4) == 0)
-				{
-				i += 3;
-				state |= LABEL_IDNA;
-				continue;
-				}
-			/* Labels must start with a letter or digit */
-			state &= ~LABEL_START;
-			if (('a' <= p[i] && p[i] <= 'z')
-			    || ('A' <= p[i] && p[i] <= 'Z')
-			    || ('0' <= p[i] && p[i] <= '9'))
-				continue;
-			return NULL;
-			}
 		else if (('a' <= p[i] && p[i] <= 'z')
 			 || ('A' <= p[i] && p[i] <= 'Z')
 			 || ('0' <= p[i] && p[i] <= '9'))
 			{
-			state &= LABEL_IDNA;
-			continue;
+			if ((state & LABEL_START) != 0
+			    && len - i >= 4
+			    && strncasecmp((char *)&p[i], "xn--", 4) == 0)
+				state |= LABEL_IDNA;
+			state &= ~(LABEL_HYPHEN|LABEL_START);
 			}
 		else if (p[i] == '.')
 			{
-			if (state & (LABEL_HYPHEN | LABEL_START))
+			if ((state & (LABEL_HYPHEN | LABEL_START)) != 0)
 				return NULL;
 			state = LABEL_START;
 			++dots;
 			}
 		else if (p[i] == '-')
 			{
-			if (state & LABEL_HYPHEN)
+			if ((state & LABEL_HYPHEN) != 0)
 				return NULL;
 			state |= LABEL_HYPHEN;
 			}
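Review bot: With the `i += 3` skip removed, the four characters of `xn--` now pass through the per-character branches, and the second `-` hits `if ((state & LABEL_HYPHEN) != 0) return NULL;` in the `'-'` branch, so every IDNA label appears to be rejected rather than allowed. The rewrite also drops the old "labels must start with a letter or digit" check: a `-` at LABEL_START only sets LABEL_HYPHEN, and the next alphanumeric clears both bits. Testing for the label start instead covers both cases, `if ((state & LABEL_START) != 0) return NULL;`, while the `'.'` branch still rejects a trailing hyphen. The loop header and the rest of valid_star are outside the hunk, so confirm nothing there advances `i` past the prefix; a test with an `xn--` label in a non-first position would pin this down.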

