First check there is wildcard character or not in tls hostname check.

2012-04-01 22:07:01 +09:00 · 2012-04-01 22:07:01 +09:00 · 65a20f5070
parent b9471d7452
commit 65a20f5070
1 changed files with 14 additions and 16 deletions
--- a/src/util.cc
+++ b/src/util.cc
@ -1636,39 +1636,37 @@ bool noProxyDomainMatch

 bool tlsHostnameMatch(const std::string& pattern, const std::string& hostname)
 {
-  // Do case-insensitive match. At least 2 dots are required to enable
-  // wildcard match.
+  std::string::const_iterator ptWildcard = std::find(pattern.begin(),
+                                                     pattern.end(),
+                                                     '*');
+  if(ptWildcard == pattern.end()) {
+    return strieq(pattern.begin(), pattern.end(),
+                  hostname.begin(), hostname.end());
+  }
  std::string::const_iterator ptLeftLabelEnd = std::find(pattern.begin(),
                                                         pattern.end(),
                                                         '.');
  bool wildcardEnabled = true;
+  // Do case-insensitive match. At least 2 dots are required to enable
+  // wildcard match. Also wildcard must be in the left-most label.
+  // Don't attempt to match a presented identifier where the wildcard
+  // character is embedded within an A-label.
  if(ptLeftLabelEnd == pattern.end() ||
-     std::find(ptLeftLabelEnd+1, pattern.end(), '.') == pattern.end()) {
+     std::find(ptLeftLabelEnd+1, pattern.end(), '.') == pattern.end() ||
+     ptLeftLabelEnd < ptWildcard ||
+     istartsWith(pattern, "xn--")) {
    wildcardEnabled = false;
  }
  if(!wildcardEnabled) {
    return strieq(pattern.begin(), pattern.end(),
                  hostname.begin(), hostname.end());
  }
-  std::string::const_iterator ptWildcard = std::find(pattern.begin(),
-                                                     ptLeftLabelEnd,
-                                                     '*');
-  if(ptWildcard == ptLeftLabelEnd) {
-    return strieq(pattern.begin(), pattern.end(),
-                  hostname.begin(), hostname.end());
-  }
  std::string::const_iterator hnLeftLabelEnd = std::find(hostname.begin(),
                                                         hostname.end(),
                                                         '.');
  if(!strieq(ptLeftLabelEnd, pattern.end(), hnLeftLabelEnd, hostname.end())) {
    return false;
  }
-  // Don't attempt to match a presented identifier where the wildcard
-  // character is embedded within an A-label.
-  if(istartsWith(pattern, "xn--")) {
-    return strieq(pattern.begin(), ptLeftLabelEnd,
-                  hostname.begin(), hnLeftLabelEnd);
-  }
  // Perform wildcard match. Here '*' must match at least one
  // character.
  if(hnLeftLabelEnd - hostname.begin() < ptLeftLabelEnd - pattern.begin()) {