Commit
d82a1021
authored
14 years ago
by
Roxie Linden
Fix issue parsing wildcard cns in certificates
CR: Karina
parent
a42dcc3f
Showing
2 changed files
indra/newview/llsechandler_basic.cpp
+36
-10
36 additions, 10 deletions
indra/newview/llsechandler_basic.cpp
indra/newview/tests/llsechandler_basic_test.cpp
+26
-5
26 additions, 5 deletions
indra/newview/tests/llsechandler_basic_test.cpp
with
62 additions
and
15 deletions
indra/newview/llsechandler_basic.cpp
+
36
−
10
...
...
@@ -782,23 +782,49 @@ bool _cert_hostname_wildcard_match(const std::string& hostname, const std::strin
{
std
::
string
new_hostname
=
hostname
;
std
::
string
new_cn
=
common_name
;
int
subdomain_pos
=
new_hostname
.
find_first_of
(
'.'
);
int
subcn_pos
=
new_cn
.
find_first_of
(
'.'
);
while
((
subcn_pos
!=
std
::
string
::
npos
)
&&
(
subdomain_pos
!=
std
::
string
::
npos
))
// find the last '.' in the hostname and the match name.
int
subdomain_pos
=
new_hostname
.
find_last_of
(
'.'
);
int
subcn_pos
=
new_cn
.
find_last_of
(
'.'
);
// if the last char is a '.', strip it
if
(
subdomain_pos
==
(
new_hostname
.
length
()
-
1
))
{
new_hostname
=
new_hostname
.
substr
(
0
,
subdomain_pos
);
subdomain_pos
=
new_hostname
.
find_last_of
(
'.'
);
}
if
(
subcn_pos
==
(
new_cn
.
length
()
-
1
))
{
// snip out the first subdomain and cn element
new_cn
=
new_cn
.
substr
(
0
,
subcn_pos
);
subcn_pos
=
new_cn
.
find_last_of
(
'.'
);
}
if
(
!
_cert_subdomain_wildcard_match
(
new_hostname
.
substr
(
0
,
subdomain_pos
),
new_cn
.
substr
(
0
,
subcn_pos
)))
// Check to see if there are any further '.' in the string.
while
((
subcn_pos
!=
std
::
string
::
npos
)
&&
(
subdomain_pos
!=
std
::
string
::
npos
))
{
// snip out last subdomain in both the match string and the hostname
// The last bit for 'my.current.host.com' would be 'com'
std
::
string
cn_part
=
new_cn
.
substr
(
subcn_pos
+
1
,
std
::
string
::
npos
);
std
::
string
hostname_part
=
new_hostname
.
substr
(
subdomain_pos
+
1
,
std
::
string
::
npos
);
if
(
!
_cert_subdomain_wildcard_match
(
new_hostname
.
substr
(
subdomain_pos
+
1
,
std
::
string
::
npos
),
cn_part
))
{
return
FALSE
;
}
new_hostname
=
new_hostname
.
substr
(
subdomain_pos
+
1
,
std
::
string
::
npos
);
new_cn
=
new_cn
.
substr
(
subcn_pos
+
1
,
std
::
string
::
npos
);
subdomain_pos
=
new_hostname
.
find_first_of
(
'.'
);
subcn_pos
=
new_cn
.
find_first_of
(
'.'
);
new_hostname
=
new_hostname
.
substr
(
0
,
subdomain_pos
);
new_cn
=
new_cn
.
substr
(
0
,
subcn_pos
);
subdomain_pos
=
new_hostname
.
find_last_of
(
'.'
);
subcn_pos
=
new_cn
.
find_last_of
(
'.'
);
}
// check to see if the most significant portion of the common name is '*'. If so, we can
// simply return success as child domains are also matched.
if
(
new_cn
==
"*"
)
{
// if it's just a '*' we support all child domains as well, so '*.
return
TRUE
;
}
return
_cert_subdomain_wildcard_match
(
new_hostname
,
new_cn
);
}
...
...
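Review bot: The early `return TRUE` taken when the remaining common name is exactly `*` accepts any number of leftover hostname labels, so `*.bar.com` matches `foo.foo.bar.com`, and a common name of bare `*` skips the loop entirely and matches every hostname. RFC 6125 section 6.4.3 limits a wildcard to a single left-most label, and the trust decision made here should not be wider than that unless there is a documented reason. If multi-level matching is not a hard requirement, restrict the shortcut to one non-empty label, e.g. `return !new_hostname.empty() && new_hostname.find('.') == std::string::npos;` inside the `if (new_cn == "*")` branch. Separately, `hostname_part` appears to be computed in the loop and never used, and the `find_last_of` results are stored in `int` before being compared with `std::string::npos`; `std::string::size_type` would avoid the narrowing.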
indra/newview/tests/llsechandler_basic_test.cpp
+
26
−
5
...
...
@@ -702,12 +702,18 @@ namespace tut
{
ensure
(
"simple name match"
,
_cert_hostname_wildcard_match
(
"foo"
,
"foo"
));
ensure
(
"simple name match, with end period"
,
_cert_hostname_wildcard_match
(
"foo."
,
"foo."
));
ensure
(
"simple name match, with begin period"
,
_cert_hostname_wildcard_match
(
".foo"
,
".foo"
));
ensure
(
"simple name match, with mismatched period cn"
,
_cert_hostname_wildcard_match
(
"foo."
,
"foo"
));
ensure
(
"simple name match, with mismatched period hostname"
,
_cert_hostname_wildcard_match
(
"foo"
,
"foo."
));
ensure
(
"simple name match, with subdomain"
,
_cert_hostname_wildcard_match
(
"foo.bar"
,
"foo.bar"
));
...
...
@@ -772,11 +778,26 @@ namespace tut
ensure
(
"end periods"
,
_cert_hostname_wildcard_match
(
"foo.bar.com."
,
"*.b*r.com."
));
ensure
(
"mismatch end period"
,
!
_cert_hostname_wildcard_match
(
"foo.bar.com."
,
"*.b*r.com"
));
ensure
(
"match end period"
,
_cert_hostname_wildcard_match
(
"foo.bar.com."
,
"*.b*r.com"
));
ensure
(
"match end period2"
,
_cert_hostname_wildcard_match
(
"foo.bar.com"
,
"*.b*r.com."
));
ensure
(
"wildcard mismatch"
,
!
_cert_hostname_wildcard_match
(
"bar.com"
,
"*.bar.com"
));
ensure
(
"wildcard match"
,
_cert_hostname_wildcard_match
(
"foo.bar.com"
,
"*.bar.com"
));
ensure
(
"wildcard match"
,
_cert_hostname_wildcard_match
(
"foo.foo.bar.com"
,
"*.bar.com"
));
ensure
(
"wildcard match"
,
_cert_hostname_wildcard_match
(
"foo.foo.bar.com"
,
"*.*.com"
));
ensure
(
"
mismatch end period2
"
,
!
_cert_hostname_wildcard_match
(
"foo.bar.com"
,
"*.
b*r
.com
.
"
));
ensure
(
"
wildcard mismatch
"
,
!
_cert_hostname_wildcard_match
(
"foo.
foo.
bar.com"
,
"*.
foo
.com"
));
}
// test cert chain
...
...
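Review bot: The added cases pin only the permissive side of the matcher: `*.bar.com` against `foo.foo.bar.com` and `*.*.com` are asserted to match, but nothing states what a common name of bare `*` or `*.com` should do. Add explicit cases for those patterns so the accepted scope of a wildcard is a tested decision, for example `ensure("bare wildcard", !_cert_hostname_wildcard_match("foo.bar.com", "*"));` if that pattern is meant to be rejected. The three cases labelled `"wildcard match"` share one message, so a failure does not say which one broke; give each a distinct label.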