authorFelix Dörre <felix@dogcraft.de>2014-06-19 14:15:21 +0200
committerFelix Dörre <felix@dogcraft.de>2014-06-19 15:48:45 +0200
commitd7506849135861d0fab472799d1019c8d3794bb4 (patch)
tree9ae916cb58d669e3de596f50939c03208a07db93
parent2763b468d24bd48b9f7902a98949e80a92556d74 (diff)
bug 1212: fixing domains like "*.*.domain.tld"
forbid * in domain names except for starting the domain with "*."
-rw-r--r--includes/general.php29
1 files changed, 29 insertions, 0 deletions
diff --git a/includes/general.php b/includes/general.php
index 5cfe331..621e1cc 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -266,6 +266,13 @@
}
}
+ function isValidWildcard($name){
+ if(substr($name,0,2) == "*."){
+ $name = substr($name, 2);
+ }
+ return strpos($name, "*") === false;
+ }
+
function getcn()
{
unset($_SESSION['_config']['rows']);
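Review bot: isValidWildcard() checks only where `*` appears, so a bare `*.` returns true: after the prefix is stripped the remainder is empty (`false` on the PHP versions current in 2014) and `strpos` finds no asterisk. A single-label remainder such as `*.tld` passes the same way. If the ownership matching later in getcn() does not already reject these, add `if($name === false || $name === "") return false;` right after the strip. The function also needs a docblock saying that it validates asterisk placement only, not hostname syntax or control of the domain, since the name suggests a full validity check. The prefix test would be safer as `===` than `==`.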
@@ -279,6 +286,12 @@
$bits = explode(".", $CN);
$dom = "";
$cnok = 0;
+
+ if(!isValidWildcard($CN)){
+ $_SESSION['_config']['rejected'][] = $CN;
+ continue;
+ }
+
for($i = count($bits) - 1; $i >= 0; $i--)
{
if($dom)
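Review bot: The name appended to `$_SESSION['_config']['rejected']` is the unmodified value taken from the request, so whatever renders that list has to HTML-escape it; that output code is not visible in this diff and should be confirmed. A comment at the append would record this, e.g. `// raw name from the request: escape on output`. The same five-line reject block is pasted at four call sites (here and in the hunks at -328, -369 and -415), so any later change to the rule or to the bookkeeping must be repeated four times; a single helper that appends and returns a bool would keep them in step. Here and in the -369 hunk the check sits after `explode()` and the variable resets, and could move above them so a rejected name does no work. The enclosing loop starts and ends outside the hunk.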
@@ -328,6 +341,11 @@
else
continue;
+ if(!isValidWildcard($alt)){
+ $_SESSION['_config']['rejected'][] = $alt;
+ continue;
+ }
+
$bits = explode(".", $alt);
$dom = "";
$altok = 0;
@@ -369,6 +387,12 @@
$CN = $_SESSION['_config']["$cnc.CN"];
$bits = explode(".", $CN);
$dom = "";
+
+ if(!isValidWildcard($CN)){
+ $_SESSION['_config']['rejected'][] = $CN;
+ continue;
+ }
+
for($i = count($bits) - 1; $i >= 0; $i--)
{
if($dom)
@@ -415,6 +439,11 @@
else
continue;
+ if(!isValidWildcard($alt)){
+ $_SESSION['_config']['rejected'][] = $alt;
+ continue;
+ }
+
$bits = explode(".", $alt);
$dom = "";
for($i = count($bits) - 1; $i >= 0; $i--)