summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBenny Baumann <BenBE@geshi.org>2015-07-25 14:56:13 +0200
committerBenny Baumann <BenBE@geshi.org>2015-07-25 14:56:13 +0200
commit310fd4c54a84cb1e7b8a8a24a6224f15711333f7 (patch)
treec06ff98cfe5d28a6098a1ded1e8e7dc582e558b6
parent345eb2e771f6475e243f406fe37c41933a520c11 (diff)
parent69cbc101efa4a568e92d98d97bfc1e0f41d68e41 (diff)
downloadcacert-devel-310fd4c54a84cb1e7b8a8a24a6224f15711333f7.tar.gz
cacert-devel-310fd4c54a84cb1e7b8a8a24a6224f15711333f7.tar.xz
cacert-devel-310fd4c54a84cb1e7b8a8a24a6224f15711333f7.zip
Merge branch 'bug-1392' into release
-rwxr-xr-xCommModule/server.pl10
-rw-r--r--includes/general.php24
2 files changed, 27 insertions, 7 deletions
diff --git a/CommModule/server.pl b/CommModule/server.pl
index 6084042..3fd77e6 100755
--- a/CommModule/server.pl
+++ b/CommModule/server.pl
@@ -491,8 +491,8 @@ sub SignX509($$$$$$$$)
$subject=~ s/\\x([A-F0-9]{2})/pack("C", hex($1))/egi;
$san=~ s/\\x([A-F0-9]{2})/pack("C", hex($1))/egi;
- Error "Invalid characters in SubjectAltName!\n" if($san=~m/[ \n\r\t\x00"'\\]/);
- Error "Invalid characters in Subject: ".hexdump($subject)." - $subject\n" if($subject=~m/[\n\r\t\x00"'\\]/);
+ Error "Invalid characters in SubjectAltName!\n" if($san=~m/[ \n\r\t\x00#"'\\]/);
+ Error "Invalid characters in Subject: ".hexdump($subject)." - $subject\n" if($subject=~m/[\n\r\t\x00#"'\\]/);
print "Subject: $subject\n";
print "SAN: $san\n";
@@ -590,8 +590,8 @@ sub SignOpenPGP
my $keyid=undef;
- Error "Invalid characters in SubjectAltName!\n" if($san=~m/[ \n\r\t\x00"'\\]/);
- Error "Invalid characters in Subject!\n" if($subject=~m/[ \n\r\t\x00"'\\;]/);
+ Error "Invalid characters in SubjectAltName!\n" if($san=~m/[ \n\r\t\x00#"'\\]/);
+ Error "Invalid characters in Subject!\n" if($subject=~m/[ \n\r\t\x00#"'\\;]/);
if(open OUT,">$wid/request.key")
@@ -843,7 +843,7 @@ sub RevokeX509
{
my ($root,$template,$hash,$days,$spkac,$request,$san,$subject)=@_;
- Error "Invalid characters in SubjectAltName!\n" if($san=~m/[ \n\r\t\x00"'\\]/);
+ Error "Invalid characters in SubjectAltName!\n" if($san=~m/[ \n\r\t\x00#"'\\]/);
Error "Invalid characters in Hash!\n" if(! $subject=~m/^[0-9a-fA-F]+$/);
SysLog "Widerrufe $PkiSystems{$_[0]}\n";
diff --git a/includes/general.php b/includes/general.php
index 17b449b..e6e440f 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -298,8 +298,14 @@
}
}
- if($cnok == 0)
+ if(!preg_match("/(?=^.{4,253}$)(^(?:\\*\\.)?((?!-)[a-zA-Z0-9_-]{1,63}(?<!-)\\.)+[a-zA-Z]{2,63}$)/i", $CN)) {
+ $cnok = 0;
+ }
+
+ if($cnok == 0) {
$_SESSION['_config']['rejected'][] = $CN;
+ continue;
+ }
if($_SESSION['_config']['row'] != "")
$rows[] = $CN;
@@ -350,8 +356,14 @@
}
}
- if($altok == 0)
+ if(!preg_match("/(?=^.{4,253}$)(^(?:\\*\\.)?((?!-)[a-zA-Z0-9_-]{1,63}(?<!-)\\.)+[a-zA-Z]{2,63}$)/i", $subalt)) {
+ $altok = 0;
+ }
+
+ if($altok == 0) {
$_SESSION['_config']['rejected'][] = $alt;
+ continue;
+ }
if($_SESSION['_config']['altrow'] != "")
$altrows[] = $subalt;
@@ -391,6 +403,10 @@
}
}
+ if(!preg_match("/(?=^.{4,253}$)(^(?:\\*\\.)?((?!-)[a-zA-Z0-9_-]{1,63}(?<!-)\\.)+[a-zA-Z]{2,63}$)/i", $CN)) {
+ continue;
+ }
+
if($_SESSION['_config']['row'] != "")
$rows[] = $CN;
}
@@ -439,6 +455,10 @@
}
}
+ if(!preg_match("/(?=^.{4,253}$)(^(?:\\*\\.)?((?!-)[a-zA-Z0-9_-]{1,63}(?<!-)\\.)+[a-zA-Z]{2,63}$)/i", $subalt)) {
+ continue;
+ }
+
if($_SESSION['_config']['altrow'] != "")
$altrows[] = $subalt;
}