1 # Copied over from the desktop consolidation, which has the comment: |
2 # date:2011-02-16 owner:liyuan type bug bugster:7008664 |
3 # Bugster CR #7008664 is now BugDB CR #15688660 |
4 # 15688660 SUNBT7008664-SOLARIS_11 CVE-2010-2074 w3m problems handling x.509 data |
5 # |
6 # This patch needs to be evaluated to see if it needs to be passed upstream. |
7 |
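--- a/istream.c
+++ b/istream.c
@@ -1,4 +1,4 @@
-/* $Id: istream.c,v 1.26 2007/05/23 15:06:05 inu Exp $ */
+/* $Id: istream.c,v 1.27 2010/07/18 13:43:23 htrb Exp $ */
 #include "fm.h"
 #include "myctype.h"
 #include "istream.h"
@@ -447,8 +447,17 @@
 
 if (!seen_dnsname)
 seen_dnsname = Strnew();
+ /* replace \0 to make full string visible to user */
+ if (sl != strlen(sn)) {
+ int i;
+ for (i = 0; i < sl; ++i) {
+ if (!sn[i])
+ sn[i] = '!';
+ }
+ }
 Strcat_m_charp(seen_dnsname, sn, " ", NULL);
- if (ssl_match_cert_ident(sn, sl, hostname))
+ if (sl == strlen(sn) /* catch \0 in SAN */
+ && ssl_match_cert_ident(sn, sl, hostname))
 break;
 }
 }
@@ -466,16 +475,27 @@
 if (match_ident == FALSE && ret == NULL) {
 X509_NAME *xn;
 char buf[2048];
+ int slen;
 
 xn = X509_get_subject_name(x);
 
- if (X509_NAME_get_text_by_NID(xn, NID_commonName,
- buf, sizeof(buf)) == -1)
+ slen = X509_NAME_get_text_by_NID(xn, NID_commonName, buf, sizeof(buf));
+ if ( slen == -1)
 /* FIXME: gettextize? */
 ret = Strnew_charp("Unable to get common name from peer cert");
- else if (!ssl_match_cert_ident(buf, strlen(buf), hostname))
+ else if (slen != strlen(buf)
+ || !ssl_match_cert_ident(buf, strlen(buf), hostname)) {
+ /* replace \0 to make full string visible to user */
+ if (slen != strlen(buf)) {
+ int i;
+ for (i = 0; i < slen; ++i) {
+ if (!buf[i])
+ buf[i] = '!';
+ }
+ }
 /* FIXME: gettextize? */
 ret = Sprintf("Bad cert ident %s from %s", buf, hostname);
+ }
 else
 match_ident = TRUE;
 }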
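Review bot: In the subjectAltName hunk the new guard `sl == strlen(sn)` runs after the loop that overwrites every embedded NUL in the first `sl` bytes of `sn` with '!', so by then the two lengths presumably agree again (this assumes the buffer is terminated at `sn[sl]`, which is not visible here) and the guard no longer rejects a name that contained a NUL. Rejection then rests only on the rewritten text failing to match `hostname` inside `ssl_match_cert_ident`. The common-name hunk tests `slen != strlen(buf)` before it rewrites `buf`, so it does not have this ordering problem. Record the result before the loop, e.g. `int has_nul = (sl != strlen(sn));`, and test `if (!has_nul && ssl_match_cert_ident(sn, sl, hostname))`. The enclosing function starts and ends outside these hunks.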