Certficates: fixed counting DNS SAN entries.

Previously, entries of any type were counted during object allocation
but only DNS type entries were actually processed.  As a result,
if some certificate entries had another type, returning information
about the certificate caused uninitialized memory access.

2 files changed, 12 insertions, 2 deletions

diff --git a/docs/changes.xml b/docs/changes.xml
index 22adc2dd..ad963c40 100644
--- a/docs/changes.xml
+++ b/docs/changes.xml
@@ -39,6 +39,13 @@ Linux, and all uploaded certificate bundles were forgotten after restart.
 
 <change type="bugfix">
 <para>
+the controller process could crash while requesting information about a
+certificate with a non-DNS SAN entry.
+</para>
+</change>
+
+<change type="bugfix">
+<para>
 the Ruby module didn't respect user locale for defaults in the Encoding class.
 </para>
 </change>
diff --git a/src/nxt_cert.c b/src/nxt_cert.c
index 357a9211..0b986b0d 100644
--- a/src/nxt_cert.c
+++ b/src/nxt_cert.c
@@ -722,13 +722,16 @@ nxt_cert_name_details(nxt_mp_t *mp, X509 *x509, nxt_bool_t issuer)
 
     if (alt_names != NULL) {
         count = sk_GENERAL_NAME_num(alt_names);
+        n = 0;
 
-        for (n = 0; n != count; n++) {
-            name = sk_GENERAL_NAME_value(alt_names, n);
+        for (i = 0; i != count; i++) {
+            name = sk_GENERAL_NAME_value(alt_names, i);
 
             if (name->type != GEN_DNS) {
                 continue;
             }
+
+            n++;
         }
 
         names = nxt_conf_create_array(mp, n);