From 9c1876f542a9d26dbc3d96c36deff60a48d3e239 Mon Sep 17 00:00:00 2001 From: Tatsuhiro Tsujikawa Date: Sun, 21 May 2017 00:19:33 +0900 Subject: [PATCH] nghttpx: Fix certificate indexing bug --- src/shrpx_tls.cc | 16 ++++++++-------- src/shrpx_tls_test.cc | 6 +++--- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/src/shrpx_tls.cc b/src/shrpx_tls.cc index ff342b57..d9fc7bd3 100644 --- a/src/shrpx_tls.cc +++ b/src/shrpx_tls.cc @@ -1511,8 +1511,6 @@ int cert_lookup_tree_add_ssl_ctx( #endif // defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < // 0x10002000L - auto idx = indexed_ssl_ctx.size(); - auto altnames = static_cast( X509_get_ext_d2i(cert, NID_subject_alt_name, nullptr, nullptr)); if (altnames) { @@ -1555,11 +1553,12 @@ int cert_lookup_tree_add_ssl_ctx( auto end_buf = std::copy_n(name, len, std::begin(buf)); util::inp_strlower(std::begin(buf), end_buf); - auto nidx = lt->add_cert(StringRef{std::begin(buf), end_buf}, idx); - if (nidx == -1) { + auto idx = lt->add_cert(StringRef{std::begin(buf), end_buf}, + indexed_ssl_ctx.size()); + if (idx == -1) { continue; } - idx = nidx; + if (idx < indexed_ssl_ctx.size()) { indexed_ssl_ctx[idx].push_back(ssl_ctx); } else { @@ -1595,11 +1594,12 @@ int cert_lookup_tree_add_ssl_ctx( util::inp_strlower(std::begin(buf), end_buf); - auto nidx = lt->add_cert(StringRef{std::begin(buf), end_buf}, idx); - if (nidx == -1) { + auto idx = + lt->add_cert(StringRef{std::begin(buf), end_buf}, indexed_ssl_ctx.size()); + if (idx == -1) { return 0; } - idx = nidx; + if (idx < indexed_ssl_ctx.size()) { indexed_ssl_ctx[idx].push_back(ssl_ctx); } else { diff --git a/src/shrpx_tls_test.cc b/src/shrpx_tls_test.cc index 8e478afc..7445c151 100644 --- a/src/shrpx_tls_test.cc +++ b/src/shrpx_tls_test.cc @@ -154,9 +154,9 @@ void test_shrpx_tls_cert_lookup_tree_add_ssl_ctx(void) { CU_ASSERT(-1 == tree.lookup(StringRef::from_lit("not-used.nghttp2.org"))); CU_ASSERT(0 == tree.lookup(StringRef::from_lit("test.nghttp2.org"))); - CU_ASSERT(0 == tree.lookup(StringRef::from_lit("w.test.nghttp2.org"))); - CU_ASSERT(0 == tree.lookup(StringRef::from_lit("www.test.nghttp2.org"))); - CU_ASSERT(1 == tree.lookup(StringRef::from_lit("test.example.com"))); + CU_ASSERT(1 == tree.lookup(StringRef::from_lit("w.test.nghttp2.org"))); + CU_ASSERT(2 == tree.lookup(StringRef::from_lit("www.test.nghttp2.org"))); + CU_ASSERT(3 == tree.lookup(StringRef::from_lit("test.example.com"))); } template