Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
W
wine-winehq
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
wine
wine-winehq
Commits
e82005fe
Commit
e82005fe
authored
Nov 13, 2009
by
Juan Lang
Committed by
Alexandre Julliard
Nov 17, 2009
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
crypt32: Only compare the hostname portion of a URL when checking against a name constraint.
parent
3c8a04f1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
50 additions
and
6 deletions
+50
-6
chain.c
dlls/crypt32/chain.c
+50
-6
No files found.
dlls/crypt32/chain.c
View file @
e82005fe
...
@@ -517,14 +517,58 @@ static BOOL url_matches(LPCWSTR constraint, LPCWSTR name,
...
@@ -517,14 +517,58 @@ static BOOL url_matches(LPCWSTR constraint, LPCWSTR name,
*
trustErrorStatus
|=
CERT_TRUST_INVALID_NAME_CONSTRAINTS
;
*
trustErrorStatus
|=
CERT_TRUST_INVALID_NAME_CONSTRAINTS
;
else
if
(
!
name
)
else
if
(
!
name
)
;
/* no match */
;
/* no match */
else
if
(
constraint
[
0
]
==
'.'
)
else
{
{
if
(
lstrlenW
(
name
)
>
lstrlenW
(
constraint
))
LPCWSTR
colon
,
authority_end
,
at
,
hostname
=
NULL
;
match
=
!
lstrcmpiW
(
name
+
lstrlenW
(
name
)
-
lstrlenW
(
constraint
),
/* The maximum length for a hostname is 254 in the DNS, see RFC 1034 */
constraint
);
WCHAR
hostname_buf
[
255
];
/* RFC 5280: only the hostname portion of the URL is compared. From
* section 4.2.1.10:
* "For URIs, the constraint applies to the host part of the name.
* The constraint MUST be specified as a fully qualified domain name
* and MAY specify a host or a domain."
* The format for URIs is in RFC 2396.
*
* First, remove any scheme that's present. */
colon
=
strchrW
(
name
,
':'
);
if
(
colon
&&
*
(
colon
+
1
)
==
'/'
&&
*
(
colon
+
2
)
==
'/'
)
name
=
colon
+
3
;
/* Next, find the end of the authority component. (The authority is
* generally just the hostname, but it may contain a username or a port.
* Those are removed next.)
*/
authority_end
=
strchrW
(
name
,
'/'
);
if
(
!
authority_end
)
authority_end
=
strchrW
(
name
,
'?'
);
if
(
!
authority_end
)
authority_end
=
name
+
strlenW
(
name
);
/* Remove any port number from the authority */
for
(
colon
=
authority_end
;
colon
>=
name
&&
*
colon
!=
':'
;
colon
--
)
;
if
(
*
colon
==
':'
)
authority_end
=
colon
;
/* Remove any username from the authority */
if
((
at
=
strchrW
(
name
,
'@'
)))
name
=
at
;
/* Ignore any path or query portion of the URL. */
if
(
*
authority_end
)
{
if
(
authority_end
-
name
<
sizeof
(
hostname_buf
)
/
sizeof
(
hostname_buf
[
0
]))
{
memcpy
(
hostname_buf
,
name
,
(
authority_end
-
name
)
*
sizeof
(
WCHAR
));
hostname_buf
[
authority_end
-
name
]
=
0
;
hostname
=
hostname_buf
;
}
/* else: Hostname is too long, not a match */
}
else
hostname
=
name
;
if
(
hostname
)
match
=
!
lstrcmpiW
(
constraint
,
hostname
);
}
}
else
match
=
!
lstrcmpiW
(
constraint
,
name
);
return
match
;
return
match
;
}
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment