author | Benny Baumann <BenBE@geshi.org> | 2015-07-25 14:38:13 +0200 |
---|---|---|
committer | Benny Baumann <BenBE@geshi.org> | 2015-07-25 14:38:13 +0200 |
commit | dc0f2ae0d23915ed991f0037df0e9d858008984f (patch) | |
tree | cf7b683fa73029a76515b42ec3d5a8a453a11f04 | |
parent | 345eb2e771f6475e243f406fe37c41933a520c11 (diff) | |
bug 1392: Check domain names in CN/SAN to at least basically comply to RFC
-rw-r--r-- | includes/general.php | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/includes/general.php b/includes/general.php
index 17b449b..e6e440f 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -298,8 +298,14 @@
 }
 }
- if($cnok == 0)
+ if(!preg_match("/(?=^.{4,253}$)(^(?:\\*\\.)?((?!-)[a-zA-Z0-9_-]{1,63}(?<!-)\\.)+[a-zA-Z]{2,63}$)/i", $CN)) {
+ $cnok = 0;
+ }
+
+ if($cnok == 0) {
 $_SESSION['_config']['rejected'][] = $CN;
+ continue;
+ }
 if($_SESSION['_config']['row'] != "")
 $rows[] = $CN;
@@ -350,8 +356,14 @@
 }
 }
- if($altok == 0)
+ if(!preg_match("/(?=^.{4,253}$)(^(?:\\*\\.)?((?!-)[a-zA-Z0-9_-]{1,63}(?<!-)\\.)+[a-zA-Z]{2,63}$)/i", $subalt)) {
+ $altok = 0;
+ }
+
+ if($altok == 0) {
 $_SESSION['_config']['rejected'][] = $alt;
+ continue;
+ }
 if($_SESSION['_config']['altrow'] != "")
 $altrows[] = $subalt;
@@ -391,6 +403,10 @@
 }
 }
+ if(!preg_match("/(?=^.{4,253}$)(^(?:\\*\\.)?((?!-)[a-zA-Z0-9_-]{1,63}(?<!-)\\.)+[a-zA-Z]{2,63}$)/i", $CN)) {
+ continue;
+ }
+
 if($_SESSION['_config']['row'] != "")
 $rows[] = $CN;
 }
@@ -439,6 +455,10 @@
 }
 }
+ if(!preg_match("/(?=^.{4,253}$)(^(?:\\*\\.)?((?!-)[a-zA-Z0-9_-]{1,63}(?<!-)\\.)+[a-zA-Z]{2,63}$)/i", $subalt)) {
+ continue;
+ }
+
 if($_SESSION['_config']['altrow'] != "")
 $altrows[] = $subalt;
 }
|
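Review bot: The `$` anchors in the new pattern also match just before a trailing newline, so in the hunk at -298 a `$CN` that ends in a line feed still passes `preg_match` and is appended to `$rows`. PCRE treats `$` as the absolute end of the subject only with the `D` modifier, so the pattern should end in `/iD"` (or use `\z` in place of `$`) if this check is meant to guarantee a clean host name. The same literal is repeated in the hunks at -350, -391 and -439, so the fix has to be made four times; a single helper in includes/general.php would keep the copies from drifting apart. Whether a newline can actually reach `$CN` depends on parsing code outside the hunk.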
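Review bot: The label class `[a-zA-Z0-9_-]` applied to `$subalt` in the hunk at -350 accepts underscores, which the letter-digit-hyphen host name rule of RFC 952/1123 does not allow, so the check is looser than the commit title suggests. In the other direction, the final `[a-zA-Z]{2,63}` rejects punycode top-level labels such as `xn--p1ai`, so names under internationalised TLDs end up in the rejected list. If both are intended, a comment above the `preg_match` should say so, for example `// underscore tolerated on purpose; IDN TLDs are not supported`. The same applies to the three other copies of the pattern.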
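Review bot: A name that fails the pattern in the hunk at -391 is skipped with a bare `continue`, whereas the hunks at -298 and -350 first record it in `$_SESSION['_config']['rejected']`; the hunk at -439 has the same gap for `$subalt`. On these two paths a malformed CN or SAN therefore disappears from the request with no trace for the user or for anyone reviewing the issuance. I would add `$_SESSION['_config']['rejected'][] = $CN;` before the `continue;` (and the `$subalt` equivalent at -439). The loop enclosing this block starts outside the hunk, so if this path deliberately has no rejected list, a comment stating that would be enough.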