Drop hostlen from X509_VERIFY_PARAM_ID.
authorViktor Dukhovni <openssl-users@dukhovni.org>
Sun, 22 Jun 2014 05:35:44 +0000 (01:35 -0400)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 25 Jun 2014 17:21:35 +0000 (18:21 +0100)
Just store NUL-terminated strings.  This works better when we add
support for multiple hostnames.
(cherry picked from commit b3012c698a086937319ed413a113ed7bec1edd1a)

crypto/x509/vpm_int.h
crypto/x509/x509_vfy.c
crypto/x509/x509_vpm.c
crypto/x509v3/v3_utl.c

index d18a4d48e9207363420e75aea4dd6da9558d7e72..dd33f883879cfd9218f2a968df4f318baffa345a 100644 (file)
@@ -61,7 +61,6 @@
 struct X509_VERIFY_PARAM_ID_st
        {
        unsigned char *host;    /* If not NULL hostname to match */
-       size_t hostlen;
        unsigned int hostflags; /* Flags to control matching features */
        unsigned char *email;   /* If not NULL email address to match */
        size_t emaillen;
index 2917819cc9159b7a5884af25333230361f368f6d..acfe10bd04b53591d91d13bc92ed5364ef3b0913 100644 (file)
@@ -724,8 +724,7 @@ static int check_id(X509_STORE_CTX *ctx)
        X509_VERIFY_PARAM *vpm = ctx->param;
        X509_VERIFY_PARAM_ID *id = vpm->id;
        X509 *x = ctx->cert;
-       if (id->host && !X509_check_host(x, id->host, id->hostlen,
-                                        id->hostflags))
+       if (id->host && !X509_check_host(x, id->host, 0, id->hostflags))
                {
                if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH))
                        return 0;
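Review bot: The literal `0` passed as the length on the new line is a magic value whose meaning — "the name is NUL-terminated, take strlen()" — is only defined by the X509_check_host change in this same commit, so a reader of check_id cannot tell it from "empty name". A one-line comment would anchor it: `/* id->host is stored NUL-terminated; 0 makes X509_check_host use strlen() */`. The same applies to the `0` passed to X509_VERIFY_PARAM_set1_host in the X509_VERIFY_PARAM_inherit hunk of x509_vpm.c. This presumably also relies on whatever stores id->host always NUL-terminating it, which is not visible here. check_id begins and ends outside the hunk.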
index e5e258a9d3c060b0407a376c145794a4079e25db..8f985ff446fcf61adefcef8c423d41639b2e3d77 100644 (file)
@@ -91,7 +91,6 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
                {
                OPENSSL_free(paramid->host);
                paramid->host = NULL;
-               paramid->hostlen = 0;
                }
        if (paramid->email)
                {
@@ -237,7 +236,7 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
 
        if (test_x509_verify_param_copy_id(host, NULL))
                {
-               if (!X509_VERIFY_PARAM_set1_host(dest, id->host, id->hostlen))
+               if (!X509_VERIFY_PARAM_set1_host(dest, id->host, 0))
                        return 0;
                dest->id->hostflags = id->hostflags;
                }
@@ -399,8 +398,7 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
 int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
                                const unsigned char *name, size_t namelen)
        {
-       return int_x509_param_set1(&param->id->host, &param->id->hostlen,
-                                       name, namelen);
+       return int_x509_param_set1(&param->id->host, NULL, name, namelen);
        }
 
 void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
@@ -444,7 +442,7 @@ const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param)
        return param->name;
        }
 
-static X509_VERIFY_PARAM_ID _empty_id = {NULL, 0, 0U, NULL, 0, NULL, 0};
+static X509_VERIFY_PARAM_ID _empty_id = {NULL, 0U, NULL, 0, NULL, 0};
 
 #define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id
 
index 6e91ac9816eebdb8881994f2a6b2254c451c3400..5401d90e101199496ebbf622dd2a79b0a3e957ed 100644 (file)
@@ -972,6 +972,10 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen,
 int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
                                        unsigned int flags)
        {
+       if (chklen == 0)
+               chklen = chk ? strlen((char *)chk) : 0;
+       else if (chk && memchr(chk, '\0', chklen))
+               return 0;
        return do_x509_check(x, chk, chklen, flags, GEN_DNS);
        }
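Review bot: The new lines change the public contract of X509_check_host — chklen == 0 now means "chk is NUL-terminated" rather than "empty name", and a length-delimited name containing a NUL is rejected — but nothing in the hunk records this for the next reader or for the function's manual page. A short comment above the guard would do: `/* chklen == 0: chk is a NUL-terminated string; a length-delimited name with an embedded NUL never matches (it could otherwise be silently truncated by strlen()-based callers) */`. The rejection itself is the right call from a verification standpoint, and the manual page for X509_check_host should be updated to describe both cases. Note that a NULL chk with a nonzero chklen still falls through to do_x509_check unchanged, which is pre-existing behaviour rather than something this commit introduces.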