Wildcards should only be used in the first name component; fixed comment style

author Tjerk Meesters <datibbaw@php.net>

Tue, 29 Jul 2014 11:15:01 +0000 (19:15 +0800)

committer Tjerk Meesters <datibbaw@php.net>

Tue, 29 Jul 2014 11:15:01 +0000 (19:15 +0800)
author Tjerk Meesters <datibbaw@php.net>
Tue, 29 Jul 2014 11:15:01 +0000 (19:15 +0800)
committer Tjerk Meesters <datibbaw@php.net>
Tue, 29 Jul 2014 11:15:01 +0000 (19:15 +0800)
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c

index 03a84bf363a3b16332705d6e625f5fc90222163c..ba35c8828a2d6a3a15d81f37005193144a9d3fcf 100644 (file)
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -274,11 +274,12 @@ static zend_bool matches_wildcard_name(const char *subjectname, const char *cert
                 return 1;
         }
  
-       if (!(wildcard = strchr(certname, '*'))) {
+       /* wildcard, if present, must only be present in the left-most component */
+       if (!(wildcard = strchr(certname, '*')) || memchr(certname, '.', wildcard - certname)) {
                 return 0;
         }
  
-       // 1) prefix, if not empty, must match subject
+       /* 1) prefix, if not empty, must match subject */
         prefix_len = wildcard - certname;
         if (prefix_len && strncasecmp(subjectname, certname, prefix_len) != 0) {
                 return 0;
author	Tjerk Meesters <datibbaw@php.net>
	Tue, 29 Jul 2014 11:15:01 +0000 (19:15 +0800)
committer	Tjerk Meesters <datibbaw@php.net>
	Tue, 29 Jul 2014 11:15:01 +0000 (19:15 +0800)