mirror of https://repo.or.cz/socat.git synced 2025-07-15 07:33:25 +00:00

OpenSSL server could be crashed by client cert with IPv6 address in SubjectAltname

Gerhard Rieger 2021-10-26 19:26:18 +02:00
parent e9c055b750
commit 1477334905
3 changed files with 72 additions and 9 deletions


@ -1775,15 +1775,17 @@ static int openssl_handle_peer_certificate(struct single *xfd,
#if WITH_IP6
case 16: /* IPv6 */
inet_ntop(AF_INET6, data, aBuffer, sizeof(aBuffer));
xioip6_pton(peername, &ip6bin);
if (memcmp(data, &ip6bin, sizeof(ip6bin)) == 0) {
Debug2("subjectAltName \"%s\" matches peername \"%s\"",
aBuffer, peername);
ok = 1;
} else {
Info2("subjectAltName \"%s\" does not match peername \"%s\"",
aBuffer, peername);
}
if (peername != NULL) {
xioip6_pton(peername, &ip6bin);
if (memcmp(data, &ip6bin, sizeof(ip6bin)) == 0) {
Debug2("subjectAltName \"%s\" matches peername \"%s\"",
aBuffer, peername);
ok = 1;
} else {
Info2("subjectAltName \"%s\" does not match peername \"%s\"",
aBuffer, peername);
}
}
break;
#endif
}
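Review bot: Inside the new `if (peername != NULL)` block the return value of `xioip6_pton(peername, &ip6bin)` is still discarded, so a peername that does not parse as an IPv6 address leaves `ip6bin` in whatever state it had before, and the `memcmp` then decides `ok = 1` against that. Where `ip6bin` is declared and whether it is initialised lies outside this hunk, so this needs confirming; if the helper reports failure through its return value, a guard such as `if (xioip6_pton(peername, &ip6bin) != 0) break;` (adjusted to the helper's actual convention) keeps an unparsed name from ever matching. The NULL branch also skips the subjectAltName without any log line, so a debug message there would make a failed verification easier to trace. The other address-length cases of this switch are outside the hunk and should be checked for the same unguarded use of `peername`.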