Certficates: fixed counting DNS SAN entries.
Previously, entries of any type were counted during object allocation but only DNS type entries were actually processed. As a result, if some certificate entries had another type, returning information about the certificate caused uninitialized memory access.
This commit is contained in:
parent
178f232b3a
commit
f18a41c84b
2 changed files with 12 additions and 2 deletions
|
@ -37,6 +37,13 @@ Linux, and all uploaded certificate bundles were forgotten after restart.
|
|||
</para>
|
||||
</change>
|
||||
|
||||
<change type="bugfix">
|
||||
<para>
|
||||
the controller process could crash while requesting information about a
|
||||
certificate with a non-DNS SAN entry.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="bugfix">
|
||||
<para>
|
||||
the Ruby module didn't respect user locale for defaults in the Encoding class.
|
||||
|
|
|
@ -722,13 +722,16 @@ nxt_cert_name_details(nxt_mp_t *mp, X509 *x509, nxt_bool_t issuer)
|
|||
|
||||
if (alt_names != NULL) {
|
||||
count = sk_GENERAL_NAME_num(alt_names);
|
||||
n = 0;
|
||||
|
||||
for (n = 0; n != count; n++) {
|
||||
name = sk_GENERAL_NAME_value(alt_names, n);
|
||||
for (i = 0; i != count; i++) {
|
||||
name = sk_GENERAL_NAME_value(alt_names, i);
|
||||
|
||||
if (name->type != GEN_DNS) {
|
||||
continue;
|
||||
}
|
||||
|
||||
n++;
|
||||
}
|
||||
|
||||
names = nxt_conf_create_array(mp, n);
|
||||
|
|
Loading…
Reference in a new issue