You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It appears that the implementation of Curl_verifyhost in x509asn1.c does a memcmp of &addr and q (where q = Curl_getASN1Element(...)). Running with a debugger appears to show that (name.end - q) = 0, which when compared to addrlen fails, preventing the memcmp even happening.
I wonder if it should it be comparing addrlen to (name.end - name.beg) & memcmp-ing &addr with name.beg?
The text was updated successfully, but these errors were encountered:
Yeah that doesn't look right. On success the pointer assigned to q should always be the same as what was assigned to name.end which means it would always be 0. I almost can't believe nobody's ever caught that though it must not be a heavily used function since it's gskit. I agree your solution sounds correct. Are you able to test it out and write up a PR for it?
field of a certificate.
For IP addresses in the subject alternative name field, the length
of the IP address (and hence the number of bytes to perform a
memcmp on) is incorrectly calculated to be zero. The code previously
subtracted q from name.end. where in a successful case q = name.end
and therefore addrlen equalled 0. The change modifies the code to
subtract name.beg from name.end to calculate the length correctly.
Fixescurl#3102
I did this
Ran an HTTPS application using libcurl + GSKit TLS provider, connecting to a server at https://192.168.0.2:9443 who's certificate contains a SAN of:
I expected the following
For the connection to succeed
curl/libcurl version
operating system
Fedora 28
problem
It appears that the implementation of Curl_verifyhost in x509asn1.c does a memcmp of &addr and q (where q = Curl_getASN1Element(...)). Running with a debugger appears to show that (name.end - q) = 0, which when compared to addrlen fails, preventing the memcmp even happening.
I wonder if it should it be comparing addrlen to (name.end - name.beg) & memcmp-ing &addr with name.beg?
The text was updated successfully, but these errors were encountered: