author | 2015-09-11 13:12:29 +0000 | |
---|---|---|
committer | 2015-09-11 13:12:29 +0000 | |
commit | e6171fc492ae018e85da5fd26c508430e4d6fa36 (patch) | |
tree | 41fef00d8221abe64ff93c9d1122d6252c6d2787 /lib/libtls/tls_verify.c | |
parent | regress test that we do not allow a wildcard match for ".openbsd.org" (diff) | |
Do not match a wildcard against a name with no host part.
ok jsing@
Diffstat (limited to 'lib/libtls/tls_verify.c')
-rw-r--r-- | lib/libtls/tls_verify.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/libtls/tls_verify.c b/lib/libtls/tls_verify.c
index c6f29c897d0..9a0f97eadaf 100644
--- a/lib/libtls/tls_verify.c
+++ b/lib/libtls/tls_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_verify.c,v 1.12 2015/09/11 12:56:55 beck Exp $ */
+/* $OpenBSD: tls_verify.c,v 1.13 2015/09/11 13:12:29 beck Exp $ */
 /*
  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
  *
@@ -69,6 +69,9 @@ tls_match_name(const char *cert_name, const char *name)
 domain = strchr(name, '.');
+ /* No wildcard match against a name with no host part. */
+ if (name[0] == '.')
+ return -1;
 /* No wildcard match against a name with no domain part. */
 if (domain == NULL || strlen(domain) == 1)
 return -1; |
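Review bot: The comment on the new `name[0] == '.'` check says what is rejected but not why it matters for certificate verification. For a name that begins with a dot, `strchr(name, '.')` on the line above returns `name` itself, so `domain` is the whole string; a later comparison with the certificate's wildcard suffix (outside this hunk, so presumably) would then accept an empty leftmost label, such as the ".openbsd.org" case named in the parent commit's regress test. I would spell that out, e.g. `/* A leading '.' makes domain == name; reject the empty host label before comparing suffixes. */`. The body of tls_match_name starts and ends outside the hunk.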