author | 2014-08-25 11:33:55 +0000 | |
---|---|---|
committer | 2014-08-25 11:33:55 +0000 | |
commit | dde23187f24fbf8d3cf1e477f34a8ea75543b6be (patch) | |
tree | 4bb5fec1bbf6dd1fc739a8772c2172361d0b0f8e | |
parent | Fix a few fd leaks in isakmpd. (diff) | |
When using a proxy for an https connection, validate the cert hostname
against the target hostname, not the proxy hostname. Issue reported by
dlg@, fix by Alex Wilson on tech@, tweaks by me.
No reply from tech@
-rw-r--r-- | usr.bin/ftp/fetch.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/usr.bin/ftp/fetch.c b/usr.bin/ftp/fetch.c
index e130895d5f7..60ae2a75491 100644
--- a/usr.bin/ftp/fetch.c
+++ b/usr.bin/ftp/fetch.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: fetch.c,v 1.127 2014/08/21 16:46:48 jca Exp $ */
+/* $OpenBSD: fetch.c,v 1.128 2014/08/25 11:33:55 jca Exp $ */
 /* $NetBSD: fetch.c,v 1.14 1997/08/18 10:20:20 lukem Exp $ */
 /*-
@@ -343,6 +343,10 @@ noslash:
 }
 path = newline;
+ } else if (ishttpsurl) {
+ sslhost = strdup(host);
+ if (sslhost == NULL)
+ errx(1, "Can't allocate memory for https path/host.");
 }
 if (isfileurl) {
@@ -604,7 +608,7 @@ again:
 ressl_error(ssl));
 goto cleanup_url_get;
 }
- if (ressl_connect_socket(ssl, s, host) != 0) {
+ if (ressl_connect_socket(ssl, s, sslhost) != 0) {
 fprintf(ttyout, "SSL failure: %s\n", ressl_error(ssl));
 goto cleanup_url_get;
 }
@@ -975,6 +979,7 @@ cleanup_url_get:
 ressl_free(ssl);
 }
 free(full_host);
+ free(sslhost);
 #endif /* !SMALL */
 if (fin != NULL)
 fclose(fin);
|
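Review bot: The name copied into `sslhost` in the new `else if (ishttpsurl)` branch is whatever `host` holds at that point, and the hunk does not show whether a `:port` suffix or IPv6 brackets have already been split off. If that splitting happens later in the function, the certificate would be checked against a string such as `example.org:8443` (constructed example) and verification would fail for every non-default port, which in practice pushes users toward turning verification off. Please confirm the order and record the requirement next to the assignment, for example `/* sslhost must be the bare origin hostname: the certificate is verified against it */`. The enclosing if/else begins above the hunk, so the proxy-side assignment of `sslhost` is not visible here.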
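Review bot: `ressl_connect_socket(ssl, s, sslhost)` now relies on `sslhost` being non-NULL on every path that reaches the TLS handshake, yet only the non-proxy assignment appears in this commit's hunks. How the library treats a NULL server name is not visible on this page, so failing closed locally is safer than depending on it: `if (sslhost == NULL) { fprintf(ttyout, "SSL failure: no server name\n"); goto cleanup_url_get; }` placed just before the call. A short comment there, `/* verify against the origin server, never the proxy */`, would also keep a later refactor from swapping `host` back in. The block under `again:` continues outside the hunk.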