Wildcards should only be used in the first name component; fixed comment style

datibbaw · datibbaw · commit a7dad26c4bf8 · 2014-07-29T19:15:01.000+08:00
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
@@ -274,11 +274,12 @@ static zend_bool matches_wildcard_name(const char *subjectname, const char *cert
 		return 1;
 	}
 
-	if (!(wildcard = strchr(certname, '*'))) {
+	/* wildcard, if present, must only be present in the left-most component */
+	if (!(wildcard = strchr(certname, '*')) || memchr(certname, '.', wildcard - certname)) {
 		return 0;
 	}
 
-	// 1) prefix, if not empty, must match subject
+	/* 1) prefix, if not empty, must match subject */
 	prefix_len = wildcard - certname;
 	if (prefix_len && strncasecmp(subjectname, certname, prefix_len) != 0) {
 		return 0;

Original file line number	Diff line number	Diff line change
`@@ -274,11 +274,12 @@ static zend_bool matches_wildcard_name(const char subjectname, const char cert`
`274`	`274`	`return 1;`
`275`	`275`	`}`
`276`	`276`
`277`		`- if (!(wildcard = strchr(certname, '*'))) {`
	`277`	`+ /* wildcard, if present, must only be present in the left-most component */`
	`278`	`+ if (!(wildcard = strchr(certname, '*')) \|\| memchr(certname, '.', wildcard - certname)) {`
`278`	`279`	`return 0;`
`279`	`280`	`}`
`280`	`281`
`281`		`- // 1) prefix, if not empty, must match subject`
	`282`	`+ /* 1) prefix, if not empty, must match subject */`
`282`	`283`	`prefix_len = wildcard - certname;`
`283`	`284`	`if (prefix_len && strncasecmp(subjectname, certname, prefix_len) != 0) {`
`284`	`285`	`return 0;`