BUG/MINOR: ssl: verifyhost is case sensitive

In bug #835, @arjenzorgdoc reported that the verifyhost option on the
server line is case-sensitive, which should not be the case.

This patch fixes the issue by replacing memcmp by strncasecmp and strcmp
by strcasecmp. The patch was suggested by @arjenzorgdoc.

This must be backported in all versions supporting the verifyhost
option.
William Lallemand 2020-09-14 15:20:10 +02:00 committed by William Lallemand
parent 441b6c31e9
commit 2d6fd0a90d


@ -4519,7 +4519,7 @@ static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
size_t prefixlen, suffixlen; size_t prefixlen, suffixlen;
/* Trivial case */ /* Trivial case */
if (strcmp(pattern, hostname) == 0) if (strcasecmp(pattern, hostname) == 0)
return 1; return 1;
/* The rest of this logic is based on RFC 6125, section 6.4.3 /* The rest of this logic is based on RFC 6125, section 6.4.3
@ -4550,7 +4550,7 @@ static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
/* Make sure all labels match except the leftmost */ /* Make sure all labels match except the leftmost */
hostname_left_label_end = strchr(hostname, '.'); hostname_left_label_end = strchr(hostname, '.');
if (!hostname_left_label_end if (!hostname_left_label_end
|| strcmp(pattern_left_label_end, hostname_left_label_end) != 0) || strcasecmp(pattern_left_label_end, hostname_left_label_end) != 0)
return 0; return 0;
/* Make sure the leftmost label of the hostname is long enough /* Make sure the leftmost label of the hostname is long enough
@ -4562,8 +4562,8 @@ static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
* wildcard */ * wildcard */
prefixlen = pattern_wildcard - pattern; prefixlen = pattern_wildcard - pattern;
suffixlen = pattern_left_label_end - (pattern_wildcard + 1); suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0)) if ((prefixlen && (strncasecmp(pattern, hostname, prefixlen) != 0))
|| (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0))) || (suffixlen && (strncasecmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
return 0; return 0;
return 1; return 1;
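Review bot: The three comparisons in this certificate name check (the trivial-case match, the non-leftmost labels, and the wildcard prefix/suffix) now depend on the process locale, because POSIX only specifies strcasecmp/strncasecmp for the POSIX LC_CTYPE locale and leaves other locales unspecified. Nothing in the visible lines shows whether the process ever calls setlocale(), so this may be harmless in practice, but the assumption should be recorded above the first comparison, for example `/* DNS names compare case-insensitively over ASCII only (RFC 4343); this relies on the "C" locale */`. The prefix and suffix comparisons also now stop at a NUL byte where memcmp did not, which looks safe only because of the leftmost-label length check that sits just before the last hunk. That check, the signature and the rest of ssl_sock_srv_hostcheck lie outside the lines shown, so both points should be confirmed against the full function.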