git://git.exim.org / users / heiko / exim.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Support optional server certificate name checking. Bug 1479
[users/heiko/exim.git] / src / src / tlscert-openssl.c
diff --git a/src/src/tlscert-openssl.c b/src/src/tlscert-openssl.c
index 29095782acd20d5643ff87c768732d7272d73556..0614b4025c8c0700c5739978bf988ff4e07e403b 100644 (file)
--- a/src/src/tlscert-openssl.c
+++ b/src/src/tlscert-openssl.c
@@ -237,6 +237,7 @@ uschar sep = '\n';
 uschar * tag = US"";
 uschar * ele;
 int match = -1;
+int len;
 
 if (!san) return NULL;
 
@@ -262,19 +263,26 @@ while (sk_GENERAL_NAME_num(san) > 0)
     case GEN_DNS:
       tag = US"DNS";
       ele = ASN1_STRING_data(namePart->d.dNSName);
+      len = ASN1_STRING_length(namePart->d.dNSName);
       break;
     case GEN_URI:
       tag = US"URI";
       ele = ASN1_STRING_data(namePart->d.uniformResourceIdentifier);
+      len = ASN1_STRING_length(namePart->d.uniformResourceIdentifier);
       break;
     case GEN_EMAIL:
       tag = US"MAIL";
       ele = ASN1_STRING_data(namePart->d.rfc822Name);
+      len = ASN1_STRING_length(namePart->d.rfc822Name);
       break;
     default:
       continue;        /* ignore unrecognised types */
     }
-  list = string_append_listele(list, sep,
+  if (ele[len])        /* not nul-terminated */
+    ele = string_copyn(ele, len);
+
+  if (strnlen(CS ele, len) == len)     /* ignore any with embedded nul */
+    list = string_append_listele(list, sep,
          match == -1 ? string_sprintf("%s=%s", tag, ele) : ele);
   }
 
Unnamed repository; edit this file 'description' to name the repository.