From 792ef23e6e1c05780fe17f733859eef6eb8c8be3 Mon Sep 17 00:00:00 2001 From: Andreas Weigel Date: Wed, 18 Oct 2023 04:14:31 +0000 Subject: [PATCH] Fix validation of certificates with CN=* (#1523) The bug was discovered and detailed by Joshua Rogers at https://megamansec.github.io/Squid-Security-Audit/ where it was filed as "Buffer UnderRead in SSL CN Parsing". --- src/anyp/Uri.cc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/anyp/Uri.cc b/src/anyp/Uri.cc index 77b6f0c92..a6a5d5d9e 100644 --- a/src/anyp/Uri.cc +++ b/src/anyp/Uri.cc @@ -173,6 +173,10 @@ urlInitialize(void) assert(0 == matchDomainName("*.foo.com", ".foo.com", mdnHonorWildcards)); assert(0 != matchDomainName("*.foo.com", "foo.com", mdnHonorWildcards)); + assert(0 != matchDomainName("foo.com", "")); + assert(0 != matchDomainName("foo.com", "", mdnHonorWildcards)); + assert(0 != matchDomainName("foo.com", "", mdnRejectSubsubDomains)); + /* more cases? */ } @@ -756,6 +760,8 @@ matchDomainName(const char *h, const char *d, MatchDomainNameFlags flags) return -1; dl = strlen(d); + if (dl == 0) + return 1; /* * Start at the ends of the two strings and work towards the -- 2.25.1