Juan Lang : crypt32: Update a comment to reflect a fixed vulnerability.

Alexandre Julliard julliard at winehq.org
Wed Nov 11 08:33:22 CST 2009


Module: wine
Branch: master
Commit: 7eb33b18dac0a5c7f76d4e5bc6453b4b0d1cbd66
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=7eb33b18dac0a5c7f76d4e5bc6453b4b0d1cbd66

Author: Juan Lang <juan.lang at gmail.com>
Date:   Tue Nov 10 10:18:36 2009 -0800

crypt32: Update a comment to reflect a fixed vulnerability.

---

 dlls/crypt32/chain.c |    7 +++----
 1 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index c6eaaec..a69b9e4 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -2363,11 +2363,10 @@ static BOOL match_dns_to_subject_alt_name(PCERT_EXTENSION ext,
     DWORD size;
 
     TRACE_(chain)("%s\n", debugstr_w(server_name));
-    /* FIXME: This can be spoofed by the embedded NULL vulnerability.  The
+    /* This could be spoofed by the embedded NULL vulnerability, since the
      * returned CERT_ALT_NAME_INFO doesn't have a way to indicate the
-     * encoded length of a name, so a certificate issued to
-     * winehq.org\0badsite.com will get treated as having been issued to
-     * winehq.org.
+     * encoded length of a name.  Fortunately CryptDecodeObjectEx fails if
+     * the encoded form of the name contains a NULL.
      */
     if (CryptDecodeObjectEx(X509_ASN_ENCODING, X509_ALTERNATE_NAME,
      ext->Value.pbData, ext->Value.cbData,
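
Review bot: The new comment above the CryptDecodeObjectEx call makes the name match depend on decoder behaviour ("fails if the encoded form of the name contains a NULL") without saying where that rejection is implemented, so a later change to the decoder could reopen the spoofing case with nothing in this function to flag it. Consider naming the decode routine that rejects the embedded character, and keeping the removed winehq.org\0badsite.com example as the case that routine is expected to refuse. Two wording points in the same comment: "This could be spoofed" still reads as an open problem even though the FIXME is dropped, so something like "This would be spoofable ... except that CryptDecodeObjectEx fails ..." is clearer, and the character is NUL (the zero byte) rather than NULL (the pointer).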



