Skip to content
Permalink
Browse files

Fix a bug in OkHostnameVerifier wildcard handling.

Wildcard domain name patterns of the form *.remainder are supposed to
match domain names that exactly match the remainder. Due to a bug,
the match was not exact but rather a prefix match: domain names
starting with the remainder would match too.

This CL fixes the issue.

(cherry picked from commit a03ec4ced2b11f9eae6cbeeedb1db2b1b29fafb1)

Bug: 18432707
Change-Id: Ie40b71a26df1ac2a972341e7b3b40dd9cf38e8b1
  • Loading branch information...
klyubin authored and andi34 committed Nov 19, 2014
1 parent b6b72da commit eae39447887e66fa3e27eb664245625e5cf2720f
@@ -162,7 +162,7 @@ public boolean verifyHostName(String hostName, String cn) {
return hostName.equals(cn);
}

if (cn.startsWith("*.") && hostName.regionMatches(0, cn, 2, cn.length() - 2)) {
if (cn.startsWith("*.") && hostName.equals(cn.substring(2))) {
return true; // "*.foo.com" matches "foo.com"
}

@@ -293,6 +293,7 @@
assertTrue(verifier.verify("www.foo.com", session));
assertTrue(verifier.verify("\u82b1\u5b50.foo.com", session));
assertFalse(verifier.verify("a.b.foo.com", session));
assertFalse(verifier.verify("foo.com.au", session));
}

@Test public void verifyWilcardCnOnTld() throws Exception {

0 comments on commit eae3944

Please sign in to comment.
You can’t perform that action at this time.