walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

nghttpx: Fix certificate indexing bug

This commit is contained in:
Tatsuhiro Tsujikawa 2017-05-21 00:19:33 +09:00
parent 7d111d9963
commit 9c1876f542
2 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/shrpx_tls.cc
View File

@ -1511,8 +1511,6 @@ int cert_lookup_tree_add_ssl_ctx(
#endif // defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < #endif // defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER <
// 0x10002000L // 0x10002000L
auto idx = indexed_ssl_ctx.size();
auto altnames = static_cast<GENERAL_NAMES *>( auto altnames = static_cast<GENERAL_NAMES *>(
X509_get_ext_d2i(cert, NID_subject_alt_name, nullptr, nullptr)); X509_get_ext_d2i(cert, NID_subject_alt_name, nullptr, nullptr));
if (altnames) { if (altnames) {
@ -1555,11 +1553,12 @@ int cert_lookup_tree_add_ssl_ctx(
auto end_buf = std::copy_n(name, len, std::begin(buf)); auto end_buf = std::copy_n(name, len, std::begin(buf));
util::inp_strlower(std::begin(buf), end_buf); util::inp_strlower(std::begin(buf), end_buf);
auto nidx = lt->add_cert(StringRef{std::begin(buf), end_buf}, idx); auto idx = lt->add_cert(StringRef{std::begin(buf), end_buf},
if (nidx == -1) { indexed_ssl_ctx.size());
if (idx == -1) {
continue; continue;
} }
idx = nidx;
if (idx < indexed_ssl_ctx.size()) { if (idx < indexed_ssl_ctx.size()) {
indexed_ssl_ctx[idx].push_back(ssl_ctx); indexed_ssl_ctx[idx].push_back(ssl_ctx);
} else { } else {
@ -1595,11 +1594,12 @@ int cert_lookup_tree_add_ssl_ctx(
util::inp_strlower(std::begin(buf), end_buf); util::inp_strlower(std::begin(buf), end_buf);
auto nidx = lt->add_cert(StringRef{std::begin(buf), end_buf}, idx); auto idx =
if (nidx == -1) { lt->add_cert(StringRef{std::begin(buf), end_buf}, indexed_ssl_ctx.size());
if (idx == -1) {
return 0; return 0;
} }
idx = nidx;
if (idx < indexed_ssl_ctx.size()) { if (idx < indexed_ssl_ctx.size()) {
indexed_ssl_ctx[idx].push_back(ssl_ctx); indexed_ssl_ctx[idx].push_back(ssl_ctx);
} else { } else {

6
src/shrpx_tls_test.cc
View File

@ -154,9 +154,9 @@ void test_shrpx_tls_cert_lookup_tree_add_ssl_ctx(void) {
CU_ASSERT(-1 == tree.lookup(StringRef::from_lit("not-used.nghttp2.org"))); CU_ASSERT(-1 == tree.lookup(StringRef::from_lit("not-used.nghttp2.org")));
CU_ASSERT(0 == tree.lookup(StringRef::from_lit("test.nghttp2.org"))); CU_ASSERT(0 == tree.lookup(StringRef::from_lit("test.nghttp2.org")));
CU_ASSERT(0 == tree.lookup(StringRef::from_lit("w.test.nghttp2.org"))); CU_ASSERT(1 == tree.lookup(StringRef::from_lit("w.test.nghttp2.org")));
CU_ASSERT(0 == tree.lookup(StringRef::from_lit("www.test.nghttp2.org"))); CU_ASSERT(2 == tree.lookup(StringRef::from_lit("www.test.nghttp2.org")));
CU_ASSERT(1 == tree.lookup(StringRef::from_lit("test.example.com"))); CU_ASSERT(3 == tree.lookup(StringRef::from_lit("test.example.com")));
} }
template <size_t N, size_t M> template <size_t N, size_t M>