moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity

x509asn1: Fix SAN IP address verification 

For IP addresses in the subject alternative name field, the length
of the IP address (and hence the number of bytes to perform a
memcmp on) is incorrectly calculated to be zero. The code previously
subtracted q from name.end. where in a successful case q = name.end
and therefore addrlen equalled 0. The change modifies the code to
subtract name.beg from name.end to calculate the length correctly.

The issue only affects libcurl with GSKit SSL, not other SSL backends.
The issue is not a security issue as IP verification would always fail.

Fixes #3102
Closes #3141
This commit is contained in:
Matthew Whitehead 2018-10-15 16:27:28 +01:00 committed by Jay Satiro
parent 03186b1187
commit df54b14fb7
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/x509asn1.c
View File

@ -1131,8 +1131,8 @@ CURLcode Curl_verifyhost(struct connectdata *conn,
break;
case 7: /* IP address. */
matched = (size_t) (name.end - q) == addrlen &&
!memcmp(&addr, q, addrlen);
matched = (size_t) (name.end - name.beg) == addrlen &&
!memcmp(&addr, name.beg, addrlen);
break;
}
}