Juan Lang : crypt32: Support IPv6 addresses in name constraint comparison.
Alexandre Julliard
julliard at winehq.org
Thu Oct 29 11:20:35 CDT 2009
Module: wine
Branch: master
Commit: 24399bd3599101bc8f1600cf0c13a54483662bcc
URL: http://source.winehq.org/git/wine.git/?a=commit;h=24399bd3599101bc8f1600cf0c13a54483662bcc
Author: Juan Lang <juan.lang at gmail.com>
Date: Fri Oct 23 14:38:47 2009 -0700
crypt32: Support IPv6 addresses in name constraint comparison.
---
dlls/crypt32/chain.c | 21 +++++++++++++++++++--
1 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index 1b26bf3..e8f9de3 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -548,9 +548,13 @@ static BOOL ip_address_matches(const CRYPT_DATA_BLOB *constraint,
TRACE("(%d, %p), (%d, %p)\n", constraint->cbData, constraint->pbData,
name->cbData, name->pbData);
- if (constraint->cbData != sizeof(DWORD) * 2)
+ /* RFC5280, section 4.2.1.10, iPAddress syntax: either 8 or 32 bytes, for
+ * IPv4 or IPv6 addresses, respectively.
+ */
+ if (constraint->cbData != sizeof(DWORD) * 2 && constraint->cbData != 32)
*trustErrorStatus |= CERT_TRUST_INVALID_NAME_CONSTRAINTS;
- else if (name->cbData == sizeof(DWORD))
+ else if (name->cbData == sizeof(DWORD) &&
+ constraint->cbData == sizeof(DWORD) * 2)
{
DWORD subnet, mask, addr;
@@ -562,6 +566,19 @@ static BOOL ip_address_matches(const CRYPT_DATA_BLOB *constraint,
*/
match = (subnet & mask) == (addr & mask);
}
+ else if (name->cbData == 16 && constraint->cbData == 32)
+ {
+ const BYTE *subnet, *mask, *addr;
+ DWORD i;
+
+ subnet = constraint->pbData;
+ mask = constraint->pbData + 16;
+ addr = name->pbData;
+ match = TRUE;
+ for (i = 0; match && i < 16; i++)
+ if ((subnet[i] & mask[i]) != (addr[i] & mask[i]))
+ match = FALSE;
+ }
/* else: name is wrong size, no match */
return match;
More information about the wine-cvs
mailing list