From: Tjerk Meesters <datibbaw@php.net>
Date: Tue, 29 Jul 2014 11:15:01 +0000 (+0800)
Subject: Wildcards should only be used in the first name component; fixed comment style
X-Git-Tag: PRE_PHPNG_MERGE~49^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a7dad26c4bf80b65c1abd51e1695b3895add27f5;p=php

Wildcards should only be used in the first name component; fixed comment style
---

diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index 03a84bf363..ba35c8828a 100644
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -274,11 +274,12 @@ static zend_bool matches_wildcard_name(const char *subjectname, const char *cert
 		return 1;
 	}
 
-	if (!(wildcard = strchr(certname, '*'))) {
+	/* wildcard, if present, must only be present in the left-most component */
+	if (!(wildcard = strchr(certname, '*')) || memchr(certname, '.', wildcard - certname)) {
 		return 0;
 	}
 
-	// 1) prefix, if not empty, must match subject
+	/* 1) prefix, if not empty, must match subject */
 	prefix_len = wildcard - certname;
 	if (prefix_len && strncasecmp(subjectname, certname, prefix_len) != 0) {
 		return 0;