summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorValentin Bartenev <vbart@nginx.com>2021-03-24 16:38:05 +0300
committerValentin Bartenev <vbart@nginx.com>2021-03-24 16:38:05 +0300
commitf18a41c84bb573607eaab9fec0c070cd159493f0 (patch)
treeed40f19c7157c00039cc44a1d41591f93b0a8af1
parent178f232b3ad36a763b3b5c2e0ef6f26cc1885229 (diff)
downloadunit-f18a41c84bb573607eaab9fec0c070cd159493f0.tar.gz
unit-f18a41c84bb573607eaab9fec0c070cd159493f0.tar.bz2
Certficates: fixed counting DNS SAN entries.
Previously, entries of any type were counted during object allocation but only DNS type entries were actually processed. As a result, if some certificate entries had another type, returning information about the certificate caused uninitialized memory access.
Diffstat (limited to '')
-rw-r--r--docs/changes.xml7
-rw-r--r--src/nxt_cert.c7
2 files changed, 12 insertions, 2 deletions
diff --git a/docs/changes.xml b/docs/changes.xml
index 22adc2dd..ad963c40 100644
--- a/docs/changes.xml
+++ b/docs/changes.xml
@@ -39,6 +39,13 @@ Linux, and all uploaded certificate bundles were forgotten after restart.
<change type="bugfix">
<para>
+the controller process could crash while requesting information about a
+certificate with a non-DNS SAN entry.
+</para>
+</change>
+
+<change type="bugfix">
+<para>
the Ruby module didn't respect user locale for defaults in the Encoding class.
</para>
</change>
diff --git a/src/nxt_cert.c b/src/nxt_cert.c
index 357a9211..0b986b0d 100644
--- a/src/nxt_cert.c
+++ b/src/nxt_cert.c
@@ -722,13 +722,16 @@ nxt_cert_name_details(nxt_mp_t *mp, X509 *x509, nxt_bool_t issuer)
if (alt_names != NULL) {
count = sk_GENERAL_NAME_num(alt_names);
+ n = 0;
- for (n = 0; n != count; n++) {
- name = sk_GENERAL_NAME_value(alt_names, n);
+ for (i = 0; i != count; i++) {
+ name = sk_GENERAL_NAME_value(alt_names, i);
if (name->type != GEN_DNS) {
continue;
}
+
+ n++;
}
names = nxt_conf_create_array(mp, n);