Drop hostlen from X509_VERIFY_PARAM_ID.
Just store NUL-terminated strings. This works better when we add
support for multiple hostnames.
(Imported from upstream's d93edc0aab98377f42dd19312248597a018a7889.)
Change-Id: Ib3bf8a8c654b829b4432782ba21ba55c3d4a0582
diff --git a/crypto/x509/vpm_int.h b/crypto/x509/vpm_int.h
index d18a4d4..dd33f88 100644
--- a/crypto/x509/vpm_int.h
+++ b/crypto/x509/vpm_int.h
@@ -61,7 +61,6 @@
struct X509_VERIFY_PARAM_ID_st
{
unsigned char *host; /* If not NULL hostname to match */
- size_t hostlen;
unsigned int hostflags; /* Flags to control matching features */
unsigned char *email; /* If not NULL email address to match */
size_t emaillen;
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 285bcaf..3c492ab 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -709,8 +709,7 @@
X509_VERIFY_PARAM *vpm = ctx->param;
X509_VERIFY_PARAM_ID *id = vpm->id;
X509 *x = ctx->cert;
- if (id->host && !X509_check_host(x, id->host, id->hostlen,
- id->hostflags))
+ if (id->host && !X509_check_host(x, id->host, strlen((const char*) id->host), id->hostflags))
{
if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH))
return 0;
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 3daaf61..7f646d8 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -88,7 +88,6 @@
{
OPENSSL_free(paramid->host);
paramid->host = NULL;
- paramid->hostlen = 0;
}
if (paramid->email)
{
@@ -234,7 +233,7 @@
if (test_x509_verify_param_copy_id(host, NULL))
{
- if (!X509_VERIFY_PARAM_set1_host(dest, id->host, id->hostlen))
+ if (!X509_VERIFY_PARAM_set1_host(dest, id->host, strlen((const char*) id->host)))
return 0;
dest->id->hostflags = id->hostflags;
}
@@ -396,8 +395,7 @@
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
const unsigned char *name, size_t namelen)
{
- return int_x509_param_set1(¶m->id->host, ¶m->id->hostlen,
- name, namelen);
+ return int_x509_param_set1(¶m->id->host, NULL, name, namelen);
}
void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
@@ -441,7 +439,7 @@
return param->name;
}
-static const X509_VERIFY_PARAM_ID _empty_id = {NULL, 0, 0U, NULL, 0, NULL, 0};
+static const X509_VERIFY_PARAM_ID _empty_id = {NULL, 0U, NULL, 0, NULL, 0};
#define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index d081c1c..8174103 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -971,6 +971,8 @@
int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
unsigned int flags)
{
+ if (chk && memchr(chk, '\0', chklen))
+ return 0;
return do_x509_check(x, chk, chklen, flags, GEN_DNS);
}
