diff options
| author | Benny Baumann <BenBE@geshi.org> | 2015-07-25 14:56:13 +0200 |
|---|---|---|
| committer | Benny Baumann <BenBE@geshi.org> | 2015-07-25 14:56:13 +0200 |
| commit | 310fd4c54a84cb1e7b8a8a24a6224f15711333f7 (patch) | |
| tree | c06ff98cfe5d28a6098a1ded1e8e7dc582e558b6 | |
| parent | 345eb2e771f6475e243f406fe37c41933a520c11 (diff) | |
| parent | 69cbc101efa4a568e92d98d97bfc1e0f41d68e41 (diff) | |
| download | cacert-devel-310fd4c54a84cb1e7b8a8a24a6224f15711333f7.tar.gz cacert-devel-310fd4c54a84cb1e7b8a8a24a6224f15711333f7.tar.xz cacert-devel-310fd4c54a84cb1e7b8a8a24a6224f15711333f7.zip | |
Merge branch 'bug-1392' into release
| -rwxr-xr-x | CommModule/server.pl | 10 | ||||
| -rw-r--r-- | includes/general.php | 24 |
2 files changed, 27 insertions, 7 deletions
diff --git a/CommModule/server.pl b/CommModule/server.pl index 6084042..3fd77e6 100755 --- a/CommModule/server.pl +++ b/CommModule/server.pl @@ -491,8 +491,8 @@ sub SignX509($$$$$$$$) $subject=~ s/\\x([A-F0-9]{2})/pack("C", hex($1))/egi; $san=~ s/\\x([A-F0-9]{2})/pack("C", hex($1))/egi; - Error "Invalid characters in SubjectAltName!\n" if($san=~m/[ \n\r\t\x00"'\\]/); - Error "Invalid characters in Subject: ".hexdump($subject)." - $subject\n" if($subject=~m/[\n\r\t\x00"'\\]/); + Error "Invalid characters in SubjectAltName!\n" if($san=~m/[ \n\r\t\x00#"'\\]/); + Error "Invalid characters in Subject: ".hexdump($subject)." - $subject\n" if($subject=~m/[\n\r\t\x00#"'\\]/); print "Subject: $subject\n"; print "SAN: $san\n"; @@ -590,8 +590,8 @@ sub SignOpenPGP my $keyid=undef; - Error "Invalid characters in SubjectAltName!\n" if($san=~m/[ \n\r\t\x00"'\\]/); - Error "Invalid characters in Subject!\n" if($subject=~m/[ \n\r\t\x00"'\\;]/); + Error "Invalid characters in SubjectAltName!\n" if($san=~m/[ \n\r\t\x00#"'\\]/); + Error "Invalid characters in Subject!\n" if($subject=~m/[ \n\r\t\x00#"'\\;]/); if(open OUT,">$wid/request.key") @@ -843,7 +843,7 @@ sub RevokeX509 { my ($root,$template,$hash,$days,$spkac,$request,$san,$subject)=@_; - Error "Invalid characters in SubjectAltName!\n" if($san=~m/[ \n\r\t\x00"'\\]/); + Error "Invalid characters in SubjectAltName!\n" if($san=~m/[ \n\r\t\x00#"'\\]/); Error "Invalid characters in Hash!\n" if(! $subject=~m/^[0-9a-fA-F]+$/); SysLog "Widerrufe $PkiSystems{$_[0]}\n"; diff --git a/includes/general.php b/includes/general.php index 17b449b..e6e440f 100644 --- a/includes/general.php +++ b/includes/general.php @@ -298,8 +298,14 @@ } } - if($cnok == 0) + if(!preg_match("/(?=^.{4,253}$)(^(?:\\*\\.)?((?!-)[a-zA-Z0-9_-]{1,63}(?<!-)\\.)+[a-zA-Z]{2,63}$)/i", $CN)) { + $cnok = 0; + } + + if($cnok == 0) { $_SESSION['_config']['rejected'][] = $CN; + continue; + } if($_SESSION['_config']['row'] != "") $rows[] = $CN; @@ -350,8 +356,14 @@ } } - if($altok == 0) + if(!preg_match("/(?=^.{4,253}$)(^(?:\\*\\.)?((?!-)[a-zA-Z0-9_-]{1,63}(?<!-)\\.)+[a-zA-Z]{2,63}$)/i", $subalt)) { + $altok = 0; + } + + if($altok == 0) { $_SESSION['_config']['rejected'][] = $alt; + continue; + } if($_SESSION['_config']['altrow'] != "") $altrows[] = $subalt; @@ -391,6 +403,10 @@ } } + if(!preg_match("/(?=^.{4,253}$)(^(?:\\*\\.)?((?!-)[a-zA-Z0-9_-]{1,63}(?<!-)\\.)+[a-zA-Z]{2,63}$)/i", $CN)) { + continue; + } + if($_SESSION['_config']['row'] != "") $rows[] = $CN; } @@ -439,6 +455,10 @@ } } + if(!preg_match("/(?=^.{4,253}$)(^(?:\\*\\.)?((?!-)[a-zA-Z0-9_-]{1,63}(?<!-)\\.)+[a-zA-Z]{2,63}$)/i", $subalt)) { + continue; + } + if($_SESSION['_config']['altrow'] != "") $altrows[] = $subalt; } |