Allow multiple IDN xn-- indicators

Update the X509v3 name parsing to allow multiple xn-- international domain name indicators in a name. Previously, only allowed one at the beginning of a name, which was wrong. (Imported from upstream's 31d1d3741f16bd80ec25f72dcdbf6bbdc5664374) Change-Id: I93f1db7a5920305569af23f9f2b30ab5cc226521 Reviewed-on: https://boringssl-review.googlesource.com/13984 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-02-22 22:04:10 +00:00 · 2017-02-22 22:04:10 +00:00 · 5ae416528a
commit 5ae416528a
parent adec7726ec
1 changed files with 6 additions and 22 deletions
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@ -824,32 +824,16 @@ static const unsigned char *valid_star(const unsigned char *p, size_t len,
                return NULL;
            star = &p[i];
            state &= ~LABEL_START;
-        } else if ((state & LABEL_START) != 0) {
-            /*
-             * At the start of a label, skip any "xn--" and
-             * remain in the LABEL_START state, but set the
-             * IDNA label state
-             */
-            if ((state & LABEL_IDNA) == 0 && len - i >= 4
-                && OPENSSL_strncasecmp((char *)&p[i], "xn--", 4) == 0) {
-                i += 3;
-                state |= LABEL_IDNA;
-                continue;
-            }
-            /* Labels must start with a letter or digit */
-            state &= ~LABEL_START;
-            if (('a' <= p[i] && p[i] <= 'z')
-                || ('A' <= p[i] && p[i] <= 'Z')
-                || ('0' <= p[i] && p[i] <= '9'))
-                continue;
-            return NULL;
        } else if (('a' <= p[i] && p[i] <= 'z')
                   || ('A' <= p[i] && p[i] <= 'Z')
                   || ('0' <= p[i] && p[i] <= '9')) {
-            state &= LABEL_IDNA;
-            continue;
+            if ((state & LABEL_START) != 0
+                && len - i >= 4
+                && OPENSSL_strncasecmp((char *)&p[i], "xn--", 4) == 0)
+                state |= LABEL_IDNA;
+            state &= ~(LABEL_HYPHEN | LABEL_START);
        } else if (p[i] == '.') {
-            if (state & (LABEL_HYPHEN | LABEL_START))
+            if ((state & (LABEL_HYPHEN | LABEL_START)) != 0)
                return NULL;
            state = LABEL_START;
            ++dots;