changeset 5669:cac82b9b3499

SSL: explicit handling of empty names. X509_check_host() can't handle non null-terminated names with zero length, so make sure to fail before calling it.
author Maxim Dounin <mdounin@mdounin.ru>
date Wed, 23 Apr 2014 20:31:31 +0400
parents 64958ea92fd2
children d161d68df8be
files src/event/ngx_event_openssl.c
diffstat 1 files changed, 4 insertions(+), 0 deletions(-) [+]
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -2504,6 +2504,10 @@ ngx_ssl_check_host(ngx_connection_t *c, 
 
     /* X509_check_host() is only available in OpenSSL 1.0.2+ */
 
+    if (name->len == 0) {
+        goto failed;
+    }
+
     if (X509_check_host(cert, name->data, name->len, 0) != 1) {
         ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
                        "X509_check_host(): no match");
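Review bot: The new `name->len == 0` guard has no comment, so its rationale lives only in the commit message and a later cleanup could drop the check as redundant. OpenSSL documents that X509_check_host() computes the length with strlen() when namelen is 0, and per the commit message `name->data` is not null-terminated, so the call could read past the buffer; I would state that above the check, e.g. `/* zero namelen makes X509_check_host() use strlen(); name->data is not null-terminated */`. The empty-name path also jumps to `failed` without a debug line, unlike the mismatch branch just below it; adding `ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "X509_check_host(): empty name");` before the `goto` would keep the two rejection causes distinguishable in debug logs. ngx_ssl_check_host() starts and ends outside the hunk, so what the `failed` label does is not visible here.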