bug 1392: Check domain names in CN/SAN to at least basically comply to RFC
authorBenny Baumann <BenBE@geshi.org>
Sat, 25 Jul 2015 12:38:13 +0000 (14:38 +0200)
committerBenny Baumann <BenBE@geshi.org>
Sat, 25 Jul 2015 12:38:13 +0000 (14:38 +0200)
includes/general.php

index 17b449b..e6e440f 100644 (file)
                                }
                        }
 
-                       if($cnok == 0)
+                       if(!preg_match("/(?=^.{4,253}$)(^(?:\\*\\.)?((?!-)[a-zA-Z0-9_-]{1,63}(?<!-)\\.)+[a-zA-Z]{2,63}$)/i", $CN)) {
+                               $cnok = 0;
+                       }
+
+                       if($cnok == 0) {
                                $_SESSION['_config']['rejected'][] = $CN;
+                               continue;
+                       }
 
                        if($_SESSION['_config']['row'] != "")
                                $rows[] = $CN;
                                }
                        }
 
-                       if($altok == 0)
+                       if(!preg_match("/(?=^.{4,253}$)(^(?:\\*\\.)?((?!-)[a-zA-Z0-9_-]{1,63}(?<!-)\\.)+[a-zA-Z]{2,63}$)/i", $subalt)) {
+                               $altok = 0;
+                       }
+
+                       if($altok == 0) {
                                $_SESSION['_config']['rejected'][] = $alt;
+                               continue;
+                       }
 
                        if($_SESSION['_config']['altrow'] != "")
                                $altrows[] = $subalt;
                                }
                        }
 
+                       if(!preg_match("/(?=^.{4,253}$)(^(?:\\*\\.)?((?!-)[a-zA-Z0-9_-]{1,63}(?<!-)\\.)+[a-zA-Z]{2,63}$)/i", $CN)) {
+                               continue;
+                       }
+
                        if($_SESSION['_config']['row'] != "")
                                $rows[] = $CN;
                }
                                }
                        }
 
+                       if(!preg_match("/(?=^.{4,253}$)(^(?:\\*\\.)?((?!-)[a-zA-Z0-9_-]{1,63}(?<!-)\\.)+[a-zA-Z]{2,63}$)/i", $subalt)) {
+                               continue;
+                       }
+
                        if($_SESSION['_config']['altrow'] != "")
                                $altrows[] = $subalt;
                }
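Review bot: The four added `preg_match` checks (on `$CN` and `$subalt`) anchor with `$` and no `D` modifier, so PCRE also accepts a name that ends in a single trailing newline; ending the pattern with `/iD`, or writing `\\z` in place of each `$`, closes that. The label class `[a-zA-Z0-9_-]` also admits underscores, which RFC 1123 host names do not allow, and the final label `[a-zA-Z]{2,63}` refuses `xn--` punycode TLDs, so a comment should state which of these deviations are intended. In the last two checks a failing name is skipped with `continue` without being appended to `$_SESSION['_config']['rejected']` as the first two do; if that is deliberate, a one-line comment should say so. Because the same literal is pasted four times, moving it into one helper function would keep any later correction in a single place. The enclosing loops start and end outside the visible hunks.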