mirror of
https://repo.or.cz/socat.git
synced 2025-07-15 07:33:25 +00:00
OpenSSL server could be crashed by client cert with IPv6 address in SubjectAltname
This commit is contained in:
parent
e9c055b750
commit
1477334905
3 changed files with 72 additions and 9 deletions
|
@ -1775,15 +1775,17 @@ static int openssl_handle_peer_certificate(struct single *xfd,
|
|||
#if WITH_IP6
|
||||
case 16: /* IPv6 */
|
||||
inet_ntop(AF_INET6, data, aBuffer, sizeof(aBuffer));
|
||||
xioip6_pton(peername, &ip6bin);
|
||||
if (memcmp(data, &ip6bin, sizeof(ip6bin)) == 0) {
|
||||
Debug2("subjectAltName \"%s\" matches peername \"%s\"",
|
||||
aBuffer, peername);
|
||||
ok = 1;
|
||||
} else {
|
||||
Info2("subjectAltName \"%s\" does not match peername \"%s\"",
|
||||
aBuffer, peername);
|
||||
}
|
||||
if (peername != NULL) {
|
||||
xioip6_pton(peername, &ip6bin);
|
||||
if (memcmp(data, &ip6bin, sizeof(ip6bin)) == 0) {
|
||||
Debug2("subjectAltName \"%s\" matches peername \"%s\"",
|
||||
aBuffer, peername);
|
||||
ok = 1;
|
||||
} else {
|
||||
Info2("subjectAltName \"%s\" does not match peername \"%s\"",
|
||||
aBuffer, peername);
|
||||
}
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue