[balsa] Check the certificate more carefully.
- From: Pawel Salek <pawels src gnome org>
- To: svn-commits-list gnome org
- Cc:
- Subject: [balsa] Check the certificate more carefully.
- Date: Sun, 17 Jan 2010 21:38:38 +0000 (UTC)
commit eefb4b9c0cb2b15a91d5faa3ce2516c64bb39459
Author: Pawel Salek <pawsa damage localdomain>
Date: Sun Jan 17 22:38:18 2010 +0100
Check the certificate more carefully.
ChangeLog | 5 +++++
libbalsa/imap/imap-tls.c | 10 ++++++++--
2 files changed, 13 insertions(+), 2 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index 6df9d06..a4344a9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2010-01-17 Pawel Salek
+
+ * libbalsa/imap/imap-tls.c: check also the length when matching
+ the host name vs the one in the certificate.
+
2010-01-17 Peter Bloomfield
* src/main-window.c: close the new-mail notification instead of
diff --git a/libbalsa/imap/imap-tls.c b/libbalsa/imap/imap-tls.c
index 7e8e87f..ce5be11 100644
--- a/libbalsa/imap/imap-tls.c
+++ b/libbalsa/imap/imap-tls.c
@@ -302,10 +302,16 @@ imap_check_server_identity(SSL *ssl, const char *host,
}
if(!ok) { /* matching by subjectAltName failed, try commonName */
char data[256];
+ size_t name_len;
if( (subj = X509_get_subject_name(cert)) &&
- X509_NAME_get_text_by_NID(subj, NID_commonName, data, sizeof(data))>0){
+ (name_len =
+ X509_NAME_get_text_by_NID(subj, NID_commonName, data, sizeof(data)))){
data[sizeof(data)-1] = 0;
- if(host_matches_domain(host, data, host_len))
+
+ /* Remember to check whether there was no truncation or NUL
+ characters embedded in the text. */
+ if(name_len == strlen(data) &&
+ host_matches_domain(host, data, host_len))
ok =1;
}
}
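Review bot: The new condition on `X509_NAME_get_text_by_NID()` stores its `int` result in the `size_t name_len` and tests it only for non-zero, so the -1 returned when the subject has no commonName converts to a huge positive value and the branch is entered with `data` never written. The `strlen(data)` that follows then reads an uninitialised stack buffer; the length comparison happens to reject that case, but only as a side effect. Keep the sign test the removed line had: declare `int name_len;`, test `(name_len = X509_NAME_get_text_by_NID(subj, NID_commonName, data, sizeof(data))) > 0`, and compare with `(size_t)name_len == strlen(data)`. The comment also promises truncation detection, but as far as I know the function returns the number of bytes actually copied, so a commonName cut at `sizeof(data)-1` would still satisfy the length equality; confirm this against the OpenSSL version in use and, if so, treat a result that fills the buffer as a mismatch. imap_check_server_identity starts and ends outside this hunk.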