Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
W
wine-cw
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
wine
wine-cw
Commits
b74ef17e
Commit
b74ef17e
authored
Nov 13, 2009
by
Juan Lang
Committed by
Alexandre Julliard
Nov 17, 2009
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
crypt32: If a hostname in a URI or rfc822 name constraint doesn't begin with…
crypt32: If a hostname in a URI or rfc822 name constraint doesn't begin with '.', a match must be exact.
parent
e82005fe
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
37 additions
and
2 deletions
+37
-2
chain.c
dlls/crypt32/chain.c
+37
-2
No files found.
dlls/crypt32/chain.c
View file @
b74ef17e
...
@@ -506,6 +506,41 @@ static BOOL CRYPT_CheckBasicConstraintsForCA(PCertificateChainEngine engine,
...
@@ -506,6 +506,41 @@ static BOOL CRYPT_CheckBasicConstraintsForCA(PCertificateChainEngine engine,
return
validBasicConstraints
;
return
validBasicConstraints
;
}
}
static
BOOL
domain_name_matches
(
LPCWSTR
constraint
,
LPCWSTR
name
)
{
BOOL
match
;
/* RFC 5280, section 4.2.1.10:
* "For URIs, the constraint applies to the host part of the name...
* When the constraint begins with a period, it MAY be expanded with one
* or more labels. That is, the constraint ".example.com" is satisfied by
* both host.example.com and my.host.example.com. However, the constraint
* ".example.com" is not satisfied by "example.com". When the constraint
* does not begin with a period, it specifies a host."
* and for email addresses,
* "To indicate all Internet mail addresses on a particular host, the
* constraint is specified as the host name. For example, the constraint
* "example.com" is satisfied by any mail address at the host
* "example.com". To specify any address within a domain, the constraint
* is specified with a leading period (as with URIs)."
*/
if
(
constraint
[
0
]
==
'.'
)
{
/* Must be strictly greater than, a name can't begin with '.' */
if
(
lstrlenW
(
name
)
>
lstrlenW
(
constraint
))
match
=
!
lstrcmpiW
(
name
+
lstrlenW
(
name
)
-
lstrlenW
(
constraint
),
constraint
);
else
{
/* name is too short, no match */
match
=
FALSE
;
}
}
else
match
=
!
lstrcmpiW
(
name
,
constraint
);
return
match
;
}
static
BOOL
url_matches
(
LPCWSTR
constraint
,
LPCWSTR
name
,
static
BOOL
url_matches
(
LPCWSTR
constraint
,
LPCWSTR
name
,
DWORD
*
trustErrorStatus
)
DWORD
*
trustErrorStatus
)
{
{
...
@@ -567,7 +602,7 @@ static BOOL url_matches(LPCWSTR constraint, LPCWSTR name,
...
@@ -567,7 +602,7 @@ static BOOL url_matches(LPCWSTR constraint, LPCWSTR name,
else
else
hostname
=
name
;
hostname
=
name
;
if
(
hostname
)
if
(
hostname
)
match
=
!
lstrcmpiW
(
constraint
,
hostname
);
match
=
domain_name_matches
(
constraint
,
hostname
);
}
}
return
match
;
return
match
;
}
}
...
@@ -589,7 +624,7 @@ static BOOL rfc822_name_matches(LPCWSTR constraint, LPCWSTR name,
...
@@ -589,7 +624,7 @@ static BOOL rfc822_name_matches(LPCWSTR constraint, LPCWSTR name,
else
else
{
{
if
((
at
=
strchrW
(
name
,
'@'
)))
if
((
at
=
strchrW
(
name
,
'@'
)))
match
=
url_matches
(
constraint
,
at
+
1
,
trustErrorStatus
);
match
=
domain_name_matches
(
constraint
,
at
+
1
);
else
else
match
=
!
lstrcmpiW
(
constraint
,
name
);
match
=
!
lstrcmpiW
(
constraint
,
name
);
}
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment