authorBenny Baumann <BenBE@geshi.org>2015-07-25 14:38:13 +0200
committerBenny Baumann <BenBE@geshi.org>2015-07-25 14:38:13 +0200
commitdc0f2ae0d23915ed991f0037df0e9d858008984f (patch)
treecf7b683fa73029a76515b42ec3d5a8a453a11f04
parent345eb2e771f6475e243f406fe37c41933a520c11 (diff)
bug 1392: Check domain names in CN/SAN to at least basically comply to RFC
-rw-r--r--includes/general.php24
1 files changed, 22 insertions, 2 deletions
diff --git a/includes/general.php b/includes/general.php
index 17b449b..e6e440f 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -298,8 +298,14 @@
}
}
- if($cnok == 0)
+ if(!preg_match("/(?=^.{4,253}$)(^(?:\\*\\.)?((?!-)[a-zA-Z0-9_-]{1,63}(?<!-)\\.)+[a-zA-Z]{2,63}$)/i", $CN)) {
+ $cnok = 0;
+ }
+
+ if($cnok == 0) {
$_SESSION['_config']['rejected'][] = $CN;
+ continue;
+ }
if($_SESSION['_config']['row'] != "")
$rows[] = $CN;
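Review bot: The `$` anchors in the added pattern also match just before a trailing newline, so a CN consisting of a valid name followed by `\n` would pass this check; adding the `D` modifier (`/iD` instead of `/i`) or anchoring the end with `\z` closes that. Whether `$CN` can carry a newline depends on how it is extracted above the hunk, which is not visible here, so treat this as hardening. The same literal pattern is repeated in the other three hunks (the `$subalt` check and the two bare-`continue` checks); moving it into one helper function or constant would keep the four copies from drifting apart. The enclosing loop starts and ends outside the hunk.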
@@ -350,8 +356,14 @@
}
}
- if($altok == 0)
+ if(!preg_match("/(?=^.{4,253}$)(^(?:\\*\\.)?((?!-)[a-zA-Z0-9_-]{1,63}(?<!-)\\.)+[a-zA-Z]{2,63}$)/i", $subalt)) {
+ $altok = 0;
+ }
+
+ if($altok == 0) {
$_SESSION['_config']['rejected'][] = $alt;
+ continue;
+ }
if($_SESSION['_config']['altrow'] != "")
$altrows[] = $subalt;
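Review bot: The label class `[a-zA-Z0-9_-]` admits underscores, which hostname syntax (letters, digits, hyphen) does not allow, while the final label `[a-zA-Z]{2,63}` rejects punycode TLDs of the form `xn--…`. If underscores are accepted on purpose, a comment next to the pattern should say so; otherwise drop `_` from the class, and consider allowing an A-label as the last label, e.g. `(?:[a-zA-Z]{2,63}|xn--[a-zA-Z0-9-]{1,59})`. The `/i` flag is redundant with the explicit `a-zA-Z` ranges. This applies equally to the identical pattern in the other three hunks.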
@@ -391,6 +403,10 @@
}
}
+ if(!preg_match("/(?=^.{4,253}$)(^(?:\\*\\.)?((?!-)[a-zA-Z0-9_-]{1,63}(?<!-)\\.)+[a-zA-Z]{2,63}$)/i", $CN)) {
+ continue;
+ }
+
if($_SESSION['_config']['row'] != "")
$rows[] = $CN;
}
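Review bot: A name that fails the pattern is dropped here with a bare `continue`, whereas the first two hunks append the failing name to `$_SESSION['_config']['rejected']` before skipping it. If this loop has no other reporting path (the enclosing function is outside the hunk, so this is not certain), the requester gets no indication that a CN was discarded and the certificate may be issued with fewer names than requested. Either record the name the same way before the `continue`, or add a comment stating why the silent skip is intended here. The same applies to the `$subalt` check in the last hunk.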
@@ -439,6 +455,10 @@
}
}
+ if(!preg_match("/(?=^.{4,253}$)(^(?:\\*\\.)?((?!-)[a-zA-Z0-9_-]{1,63}(?<!-)\\.)+[a-zA-Z]{2,63}$)/i", $subalt)) {
+ continue;
+ }
+
if($_SESSION['_config']['altrow'] != "")
$altrows[] = $subalt;
}