Fixed X.509 hostname comparison (with non-regular characters)

2024-11-23 06:35:47 +01:00 · 2014-07-07 14:17:24 +02:00 · 2014-07-07 14:17:24 +02:00 · c941adba31
commit c941adba31
parent cf78ba2b89
2 changed files with 9 additions and 2 deletions
--- a/3
+++ b/3
@ -4,6 +4,9 @@ PolarSSL ChangeLog
 Changes
   * Introduced POLARSSL_HAVE_READDIR_R for systems without it

+Bugfix
+   * Fixed X.509 hostname comparison (with non-regular characters)
+
 = Version 1.2.10 released 2013-10-07
 Changes
   * Changed RSA blinding to a slower but thread-safe version
--- a/library/x509parse.c
+++ b/library/x509parse.c
@ -3281,11 +3281,15 @@ static int x509_name_cmp( const void *s1, const void *s2, size_t len )
    {
        diff = n1[i] ^ n2[i];

-        if( ( n1[i] >= 'a' || n1[i] <= 'z' ) && ( diff == 0 || diff == 32 ) )
+        if( diff == 0 )
            continue;

-        if( ( n1[i] >= 'A' || n1[i] <= 'Z' ) && ( diff == 0 || diff == 32 ) )
+        if( diff == 32 &&
+            ( ( n1[i] >= 'a' && n1[i] <= 'z' ) ||
+              ( n1[i] >= 'A' && n1[i] <= 'Z' ) ) )
+        {
            continue;
+        }

        return( 1 );
    }