Juan Lang juan.lang at
Tue Jan 31 12:10:02 CST 2012

Hi Erich,

On Tue, Jan 31, 2012 at 9:34 AM, Erich E. Hoover <ehoover at> wrote:
> On Tue, Jan 31, 2012 at 10:23 AM, Erich E. Hoover <ehoover at> wrote:
>> On Tue, Jan 31, 2012 at 10:04 AM, Juan Lang <juan.lang at> wrote:
>>> Sorry I didn't spot this earlier.  Without this, someone who registers
>>> a certificate common name with an embedded NULL, like
>>> "\0.badguy", could fool crypt32 into accepting it for a
>>> domain it isn't registered to, in my example.
>> It looks like you've just changed it to allow more than one NULL at
>> the end...  It seems to me that the matching code already handles the
>> case of an embedded NULL, since it goes through the allowed_len
>> characters and manually checks each byte (rather than using a routine
>> like strcmp() which stops at NULLs).

Well, sort of.  The byte-by-byte comparison takes place component by
component.  The boundary between each component is defined by the
presence of a '.'.  That's why, in my example, I have an embedded NULL
immediately prior to a '.'.  After the end of each component is found,
it's passed to match_domain_component.  In the current git version,
each component strips a NULL, hence an embedded NULL is accepted.  In
the version I sent, only trailing NULL(s) are removed.

You're right that I allow multiple trailing NULLs rather than just
one, but that difference seems immaterial.  The key one is to prevent
NULLs immediately prior to dots.
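
The difference described in this message, as an added example that is not part of the original e-mail and is not Wine's crypt32 code: a simplified component-by-component matcher run under both NUL-stripping policies. The function names, the `nul_policy` enum and the sample names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

enum nul_policy { STRIP_PER_COMPONENT, STRIP_TRAILING_ONLY };

/* Exact byte-by-byte compare of one dot-delimited component
 * (no wildcards or case folding, to keep the example short). */
static int component_equal(const char *host, size_t host_len, const char *cert,
                           size_t cert_len, enum nul_policy policy)
{
    /* Weak behaviour: drop one NUL from the end of every component. */
    if (policy == STRIP_PER_COMPONENT && cert_len && cert[cert_len - 1] == '\0')
        cert_len--;
    return host_len == cert_len && memcmp(host, cert, host_len) == 0;
}

/* host is a C string; cert is a counted buffer that may contain NULs.
 * Returns 1 when every component matches and the component counts agree. */
int name_matches(const char *host, const char *cert, size_t cert_len,
                 enum nul_policy policy)
{
    size_t host_len = strlen(host);

    /* Stricter behaviour: strip NULs only from the end of the whole name. */
    while (policy == STRIP_TRAILING_ONLY && cert_len && cert[cert_len - 1] == '\0')
        cert_len--;
    for (;;) {
        const char *hdot = memchr(host, '.', host_len);
        const char *cdot = memchr(cert, '.', cert_len);
        size_t hl = hdot ? (size_t)(hdot - host) : host_len;
        size_t cl = cdot ? (size_t)(cdot - cert) : cert_len;

        if (!component_equal(host, hl, cert, cl, policy))
            return 0;
        if (!hdot || !cdot)
            return !hdot && !cdot; /* both names must end together */
        host = hdot + 1; host_len -= hl + 1;
        cert = cdot + 1; cert_len -= cl + 1;
    }
}

/* Constructed sample names, not taken from the thread. */
const char EMBEDDED[] = "shop\0.example.test";   /* NUL just before a dot */
const char TRAILING[] = "shop.example.test\0\0"; /* NULs only at the end */

int main(void)
{
    printf("embedded NUL, per-component strip: %d\n", name_matches(
        "shop.example.test", EMBEDDED, sizeof EMBEDDED - 1, STRIP_PER_COMPONENT));
    return 0;
}
```
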

