Certficates: fixed counting DNS SAN entries.
Previously, entries of any type were counted during object allocation but only DNS type entries were actually processed. As a result, if some certificate entries had another type, returning information about the certificate caused uninitialized memory access.
This commit is contained in:
Valentin Bartenev
parent
178f232b3a
commit
f18a41c84b
2 changed files with 12 additions and 2 deletions
|
|
@ -37,6 +37,13 @@ Linux, and all uploaded certificate bundles were forgotten after restart.
|
||||||
</para>
|
</para>
|
||||||
</change>
|
</change>
|
||||||
|
|
||||||
|
<change type="bugfix">
|
||||||
|
<para>
|
||||||
|
the controller process could crash while requesting information about a
|
||||||
|
certificate with a non-DNS SAN entry.
|
||||||
|
</para>
|
||||||
|
</change>
|
||||||
|
|
||||||
<change type="bugfix">
|
<change type="bugfix">
|
||||||
<para>
|
<para>
|
||||||
the Ruby module didn't respect user locale for defaults in the Encoding class.
|
the Ruby module didn't respect user locale for defaults in the Encoding class.
|
||||||
|
|
|
||||||
|
|
@ -722,13 +722,16 @@ nxt_cert_name_details(nxt_mp_t *mp, X509 *x509, nxt_bool_t issuer)
|
||||||
|
|
||||||
if (alt_names != NULL) {
|
if (alt_names != NULL) {
|
||||||
count = sk_GENERAL_NAME_num(alt_names);
|
count = sk_GENERAL_NAME_num(alt_names);
|
||||||
|
n = 0;
|
||||||
|
|
||||||
for (n = 0; n != count; n++) {
|
for (i = 0; i != count; i++) {
|
||||||
name = sk_GENERAL_NAME_value(alt_names, n);
|
name = sk_GENERAL_NAME_value(alt_names, i);
|
||||||
|
|
||||||
if (name->type != GEN_DNS) {
|
if (name->type != GEN_DNS) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
n++;
|
||||||
}
|
}
|
||||||
|
|
||||||
names = nxt_conf_create_array(mp, n);
|
names = nxt_conf_create_array(mp, n);
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue