crypt32: Only accept trailing NULLs in a certificate common name.

Erich E. Hoover ehoover at mines.edu
Tue Jan 31 11:23:38 CST 2012


On Tue, Jan 31, 2012 at 10:04 AM, Juan Lang <juan.lang at gmail.com> wrote:
> Sorry I didn't spot this earlier.  Without this, someone who registers
> a certificate common name with an embedded NULL, like
> "codeweavers.com\0.badguy", could fool crypt32 into accepting it for a
> domain it isn't registered to, codeweavers.com in my example.


It looks like you've just changed it to allow more than one NULL at
the end...  It seems to me that the matching code already handles the
case of an embedded NULL, since it goes through the allowed_len
characters and manually checks each byte (rather than using a routine
like strcmp() which stops at NULLs).

Erich Hoover
ehoover at mines.edu
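
The contrast the reply draws between a strcmp()-style comparison and a length-aware byte-by-byte check, as an added example (not code from Wine's crypt32 or from either poster). The function names and sample buffers are hypothetical and constructed for illustration; the strict version assumes the policy in the subject line, that only trailing NULs are tolerated.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample common names (not taken from real certificates). */
static const char CN_EMBEDDED[] = "codeweavers.com\0.badguy"; /* NUL inside */
static const char CN_TRAILING[] = "codeweavers.com\0\0";      /* NULs at end only */

/* Naive check: treats the CN as a C string, so it stops at the first NUL. */
static int cn_matches_strcmp(const char *cn, const char *host)
{
    return strcmp(cn, host) == 0;
}

/* Length-aware check: drop trailing NULs, refuse any NUL that remains,
 * then compare every byte of the CN against the host name. */
static int cn_matches_strict(const char *cn, size_t cn_len, const char *host)
{
    size_t host_len = strlen(host), i;

    while (cn_len > 0 && cn[cn_len - 1] == '\0')
        cn_len--;                          /* trailing NULs are tolerated */
    if (memchr(cn, '\0', cn_len) != NULL)
        return 0;                          /* embedded NUL: reject */
    if (cn_len != host_len)
        return 0;                          /* extra bytes can never match */
    for (i = 0; i < cn_len; i++)
        if (tolower((unsigned char)cn[i]) != tolower((unsigned char)host[i]))
            return 0;
    return 1;
}

int main(void)
{
    const char *host = "codeweavers.com";

    printf("strcmp, embedded NUL: %d\n", cn_matches_strcmp(CN_EMBEDDED, host));
    printf("strict, embedded NUL: %d\n",
           cn_matches_strict(CN_EMBEDDED, sizeof(CN_EMBEDDED) - 1, host));
    printf("strict, trailing NUL: %d\n",
           cn_matches_strict(CN_TRAILING, sizeof(CN_TRAILING) - 1, host));
    return 0;
}
```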