From 5d5920c1500e47fde36be00fd92db8e5c6a0140f Mon Sep 17 00:00:00 2001
From: Jonas Olausson <j.olausson@student.unimelb.edu.au>
Date: Wed, 23 May 2018 14:48:46 +1000
Subject: [PATCH] made wildcard validation more robust
---
certexample | Bin 16164 -> 16292 bytes
certexample.c | 51 ++++++++++++++++++++++++++++++++++++++++++++------
2 files changed, 45 insertions(+), 6 deletions(-)
diff --git a/certexample b/certexample
index 133b4413ab264e369a804e79ee90672329bf6e0f..d1746d435261cd0a4018b32bfe4e346b2ad4dafd 100755
GIT binary patch
delta 4216
zcmZ2dx1@f;ML{kG21W)3hE72SFmT|S_{dK1lr%*28(55i;nZY9Mti{nG7!;KAPo!*
z3<oARGTIAf$w5S2prTomFEZK-ZjgtFdO%Isuvw9*osn_L<dw|MrXLs?7?>Cs7$g`N
z7;cy{FgP<XFr-*BFgUO<FmN+4Fa$s~!6-2X1_rUoiY)T1999er;S&ReCr7Yo2&A~S
zc$+S;d$G-SRe<lTL+>X~V9{jcn!JnUncxOf1_liV1_n(A1_l9;Et@y8_OncO;O1kJ
z5Sbjn9iDk!n1R8g^Z1MFf(#5Ey|#xy++NeuAga^##)|_W;ZD~JFDwNa7+%PL2w6b}
zhU2bhK#uAzedEy`dc&i8Z^8fn|6lZi6gU51;BVn)0-M$*%)roHdS(N|i!Q;*0z8_k
zs|6so%@tr^*r&q);<z4wYVX{d0Wu^+aB>`ve1HtZ1v5OlU1xZ78*E^B!3i?G*Om_?
z(Oo*jqq~fwvo+=a|Nk2pUc3dF+iSZ;h=IWaEN9l)ngB8_f)V5p)73(g&+;hOPXk$-
z!@$6>lNl7(r#w1aEB^og@6la*z@yuD!iy993=AG1543^;&7;?}7i=Kw6R@2Y8yH?h
z2{1712gPt_YYfPI3jqcO!vmcM!A5kR^XNSFVkgLuPS+hM2Bm`x3hri|4L3;;VNwLh
zr1v0gy{0iBh26CmApREE!0_S)M8X*^5!%q%8Upe68UD$Kc-3^dz;b&%{{R2qd1wQ}
ziz)mJ4Beq;nh!B{hMwtcb@>1P|H~_X|Nl4q|011#vM8T|RW-=a?%EF?ovsgF<bgS*
z4?Gx;c{Cqm^yvKl!WJZS{Lp_;=ybZi@aV36;n7|C;{`ka<a|Ccrk8w^+xfOL74c1W
z;CEmW;+x#WuLPo&@tbNmgX6-~O@M)6mohl`c|8Oe7+z%ZGBCUZr5ca!+6^yO@=j(J
zP-2?MJ6T=8OzI%Wx?a;G{0t1c)FFB<@iQ>Ic+NAqT)-_*pOb;1)Ab3+6)%cGNvret
zi);>%*aNVbJ_`dw=kXU7Tp*!4U?CfB5c>w0-2i4^@c{X^yY$724P2A?1fv=GCua$2
zD$nNzrJ21ue*gd9dF(|uh}YTr;5R5$>;+LTa=0gN6O?Dt<(_<9P@d}x7bwvlfAN58
zl8_wZpULt<8cY+pCVL7gGv#ni&J&VnV&$IPFQm(~jBD~fArsDLoFL<Qx%npl7BXeB
z;F@eCtj@?gIZIGW2`mG%cs7WKYH<zc<ZXfqjGU9N3o3AerH{Y(z%fZko{@91f{+Fy
z$7D|-6-JK9c|ssX{X%*i9ALWwc_wca@nXv4n9L}uAR`MB>~#GA^8Jf*>>$^>g5&eW
zP4>yQqAH?~*%=rNPj;R&yyO8>wuyamnP`vX1vUl-aBct<iXOeTPdFJEHZZ)XXP<mV
zOor(y=j2ynN<!PgE_40y5>#S&^s=twoSZA>CMl1m*BGMr92;1#3Rtfo8=Bs~lV!!d
zm@cwT&J<T=+QT||g1B<nVpgz|K^fvgvjr1>YX_*<=ytu}(Otpu;wuX%f7@0=JbA*S
zyY$2ch8G(_db&$5cy!lsbh_?&aTTO0859I3JUUA^yjaOPnNuQ80Hmqg_l8I3d5_Lx
zFK)9;E|)N>_vkKt;n7)p!K3qg=dl-0L5Z=u_Cn{e7gdZ54EyvzmUp^>lHCW7Zr2YU
zowX-G#phm#x)YtpUIc-dovxsy_rRmO^u~+DEYM(71!?ZJEdfPBcj*IA(Yb-)MI8&M
zJpBVMR9uft7LgR6tS>3c6v8suPf}7+_3Qut9^f1ZiZu(5Ueohz3=A*CSSD|j6rMa;
zQk-obi2ro*21#eOVi0rA<PDOlljWqu>OGp@D0uX;2D5=eu=Yo1=@*ag+8-XBwJ*9$
zzko72C|4(+^I$v=5(8tf=Z|k-cp<?IN=v>kK-sSIgh%rch1kPsX=!@=@-3h|%n<6)
z`4nWnLkB1fK6JRgKkoVhB;%0`aww=|iE(}K;uR>jcGo`eusqJ+ZU*u{Slagk|2`2$
z{(YtIEkE(Mf>KVm>x)j;KQE;ipoK)Y>x<?CjGeA8UatB7|Nn8<KcJ$h+w~8`CH(S}
z^`)Yig#S+NmP*ym`3cIcwGTkC2rBi#X%<vjg3>%FK3{14{{J5&+A^6@N_Mh^v?Npa
z&&k2keoU`_PF^f+IhjZ1h|Pc1Su6|;|5fLJ$$4OM0hn9_CYON8Wngjz3j>2suWTeU
z1A}Ame^t-TcVw<Hv2zCdcsjdUO<pUn!o$VDV8Q^wrzYQ(_nw%*Qhx#3aJU7fpFrt%
zQ2GayW|D<88hD_z7?f6k(ppg31WMaMX%8qJ1f^r3bQ*-NXDEO$7^<Lj3zY7I(lem+
zA}GBEN^gVG2cYyRD18M=--FUGp!6pw{Rc|3f!jvz3=9Hb1_Of>lvaV#dQjQ|N;^Sm
zA1ECLr4vB(=0e4OzKIDen+%RI$FRreX2hpfq$Zb^q{e5YCZ?noF@)zPGDIimGjuQ(
zmlVYpGc0B-OU%hkNi0c?XV}k}o>~&m(94vTnU@lumRVF>5}%n@T#}fVoSL7;u#Oqj
zAY)+4%wuR~oXle)U*E*c%y2-2fq^M6IkALc9%F7nVo_>*UVceD!&4?^h6Pd#3`_+%
znI#On7;`d{Q{zkW<5Tle7*;YfGc1s1U|>s5Eh@=O%S=uzNoD9@D$mSGNlq+Ei7zfG
z%FIh=XlKq&t&C^rVNOac&P<L^&d)0@DN4-DD=B7J!tCtFu!DygY}Hwiaq^Srn~3sW
zWCCd^Elx~NWw<u^powt(ZKjm`+{Dbh_`Jm2RE7sk%nTP47?>Fjs4y@yOweFpX1Jii
zz`&H0nwDRb%J73JF|8!Eh~Y0tnI;1>LxVO0Gs6ZQkXn5P1}2EX^O<u}^U_N)7&e2v
zZ@|FJ@WBvdq!9x%!vbRvVFEJOgfTubFE}MW*wK&S1W2VR!lDPv5R0BNGc#;316gDa
zDjz@%W|0T14U7#e8yG(@Uto4<VBEmCf$;$ohzv+*U^FNw2$($ERIXkWk_|wOSAIqY
zh6^GPzAXa-1BkD{3*oy$`3oc={1_-dKmfuohVh~LK?N8{zk?7&elk>E04l!<%CC2T
zb_zB?1q{R>8ZJTk4p0l9K=})x4tfve2S`EG|AF!kK>31<5D$EifXM4Y`3v|Vd}j#1
zo<RYs0n~~GyBMk=2cm$X0op%lfbtEX{Haj>1aXLg>lwi`IBA38;2;|RDjFYD>oGFa
zgF7c6^$hRP6#PKrvoN7r0BZk3J2zncs%Y|dX#7AlehP?R59u9&4JZT&An~W5@t33V
zH=^+mqw(*d@js&R|1&W#)Fb;qgc;R`YG{0OG`=5%59()tJrIM&&qCwZpz-^e875!0
zkgZ>VCcX`gzXy$f7>$1ljei-9e;bYe7{Z4om3oHPr~(W>(D+O&;DCX9ln;$BhQ^me
z<Ex?Z^-%be^Q@Fu<ro+k<R{;?)Rxs|U|;}s8?6`^7_1o>7;G3A7<3sJ7(mT3{mFN&
zqzx<>7#J)W7#Ki>gdGC|gFOQSg98HtgChe2g8~Bsg8>5rgCPS0gA+Jb7#t=SSSgTV
efh0}~CUaVQiejx*CI?v8awAm^n~zz?G6Mj5mjW9A
delta 3898
zcmZ2dzoc%$ML})`21W)3hM58kVBo+#@sXY2Eoq48H?SB3!>!4NjP`;TWFVreKpGer
z7%oh1WV9Eol7om^Kt-!2Uu3iw+#(MV^?;hNWwRnvJ0qjY<dw|MraKrJ7?>Cs7$g`N
z7#5f^FgP+WFz{G2Fi5a4FmN+4Fa$s~!6*?11_qJIiY)T18!Q<Z!Y2j_PmW;G5O63?
z`q`IdAu?D0_grhK{dJQkuxK)JPu|7yOt8X~fkA_TfkBgjfdS;R1)Ddr_OmR$z{)t;
zfs2nxLwIrkS9s=qAqEDI&f_nh3otNv^x9qmaeGZ~gQ!l|8!s+^ggad?yzmrYV0fVe
zB6I~97>>K10XeL@^o>V%=naqVy#@dO|9>$Tq`3J91AhxY6WFwALJSPurDrxUyqG00
zS%6zpbvHl6wzd2W4EuB#KpfWtQ0<*tGeCx<2uzOSmJiT@xL}4yx9bd#Zi5XBFC;;x
z_u9&VB)UsycyyO>bhf7a|Nnmj!;8Nlb9-%%2r@8ufaT0OTN6O0MKFRKV!B&!@>y=>
z`eh(%a~K#Hb}}<CFm#^s=xnX{|Np;7ckKa>Zr=$nZtyWMcz`_63JN%nUemc?16iMd
z?X=jy@FI(!fnh%=mOEQxK<0b!GcXt)=sXBEqVt?b=cyMbL56g??m#i99Ar>%H|uP;
zNs0)QB0whn2Wjgy%>gOwuDt;9x4;I57e62p!ElMthR)Uyh`;afO+Lh<rYi-O+w1ZF
z|NqWI8yH?J;bUOv4n5O+h_N&DOlPaZ|NsAAUitg~zv2HE<$RMxc@?a>L56nMe(>mY
zeej|V%qe}~!FbH0`52=|=l2)BAfe-j{)0lN)AfZ%ckK(0?$RGG#Q7%Y^NKP3<el8k
zyPc_tcd`SY1CtW(<R(5P5VefYR3jK17p7tS3=F$u!NJcP!Oy_(qLPP!;Uy^5cy!lp
zc(IdbGBdvt(?Xuf>ilL>7eUtbnqJ{!VA!Py(esFpf#Jn>?#bo+Zh`Wg3=EyFPe87C
zQ4C62oyT89bAZGifW`D#7#KQ_zwiJny8{;T;Q~qD0JA56*;hP3{_QS(@!|mIWIlmt
zM!v~WLRv~(pd_<*$M66DJCD7X4dQjSKKKnv6njC`iyE%U%Y+mdxh5YMQs4wjAAj+I
zbMglvc}A|u0>T=MoRckuRTw!Z#|eW})eGw}a!%eSXu|o817tEUH}B-%f~HI!oRf`&
z)ERjuX9;L3?*~i4EL{!ap<3F*F?pMSJd-cS<m&?RTq0lv$6qjTOcIo1lHr)FAgIo?
zk$tkKpfXbr`{X=9c_vkk$^C-5oX6O~b_Q}!-YV?HRLMS>QA9yT7bMu}`T^ws7x&n}
znGPJIFJ7`uwiQtk{mjO|V0g0goZ%%8n6g7`lgmVUBp$FbFo5%eASkc)+J50+VA#O$
zqJQ#fQCX&^9Ft#(DhVA2yUz8;OHi@p(aXAzV{)#jo1{LPR%eLTd#sbsh{`aTfb|NB
zq3PwFEGy>4^pIt8rkE<z8J5Wt#FWD}vw&R;$`KcuEtvRQJ3wyfcD>-yUBU5!6(rkh
z+YRyK36Jj56B`&_90ZAWmtOGbuH)!*-SgrpGXsN1GAIO2cyyL-c(IdZGN*W)07z4}
z?+uU6^B$eYUc6?WTrO@D-+AoChp+$t@6!WW)9DIIVIN-H`}+UCN2luzk8Y5F1BXW^
z$bJwX%s%1KT??}N!i(d~&=6AvY45e20SfQ#(i0xtp%*qVyja9MSw=#crGbHgVY0o1
zEK>>d<TwdQ2~&viFFd+IdCkJ3*YrIr1H%im$p<7vCNGu{XWIwjvQ9oA;mkf6#N5L)
z`JjZ#WIai-$tqHzOw9i#S4*X8$NU1N+u8>p-++ogaMX!`90E)FQh)yc2Z^>!7L=5o
ztRXGQRQ+qRv$P-6?O&58OIzxBurM(ESM>suK48)hOa_3-ATSvMCc{`57$%>RKE~tI
zE9=S3z~C7CU)6H+8JTNLlh?`1^KdgTm@q)_t;sj#z3U%9YtC0t`U{l)2c<b=A+@Ct
zl$L?gYEaq$N?So`7bxuqr6Ztp5|qw?(q$03o}mH4VCaI<Q=s%bD7^woZ-UZ$p!6{)
zeE~|}g3?c*^gAg114=VN8v{I0S`19PGcYKC84L_sP}&4a+d*j$C>;c)W1w^zlr8|#
zn+p~D`6ec?Y%(~;?8X+Kn-QN{k(yjuk{X|pnwXMW#Nd>h$l#Wo&rnocQWRfYkds-$
z(92ksn3I{3SdtpgFo`iewIrV50VAmK!N8Q6$B;W&+(y3sDibrq0Wk&!ro80D5{3@O
z+=9fS)cCyol6Zz4Ow0@mWEhwk7RWL%uqCG!m1L%6CMTApGTde?&&)|lPAp1^FD@y{
z%u8pu#gv^|8P9N^DJiiyGdVsvKd-o?C^0jyq?qA5ld~T~BQw~@Y0S(F3ltd`SYXQP
z5$cwJjVLWnOiyK4$y899l#`hp4>C0;H7~s+gJB(0N`7u)W?p<=Vs0wKW+rBa3rY;k
z3<uO0m>DK$F)%Y+&|+X<N=i-3FG^)N&6Jo{l3K)Y0i;ZuftjH}mw}mKgC0n&Ap-*w
z#F|e`^-#nAFflW1Fk)b4cwh`tX98lGFvch5rNjq2`Y}voW@flxiZFg9GsO6H%*+f2
z%s_^kgK9Vih67>`SQ{7{ST-<zV7|cY(7?EXaRcK6rUi@}7y}Fn3gE3fP%Q8>3NX}z
zw1L_cpxnyO$iUDb2FVVf)*Fa_K@`HbWnf?c@fG+Wd{-zxKoG)@f$^d0bD?|(VTgPU
zlrI34pA6yGGdRFn!4Lrk196Ck-BA7lsD;O%`~)e8{ADQr0+jy(%6}jUk!N9qICy~o
zgf9i<8$i|TgZcFg3<gjQ&R_ush6&IHcsP{r0OjXE`4c1{2DUMRX;4Ul0+C?`8h;HM
ze-9e}7>HjFX^n#oI1ds);@?K&KSSgHLF0=up*lzdjc<*{_h4dRsE2k3zz)bpQ&5M-
z??B_vLgQ~m<DWp|Uqj=+W@4xZ^?=|(_!mt9A2X_tR3Us&BO2^rV>G@a8b26~pN7US
zWYz~;05`B6O+hajfAZv)7V`BA(L`6F@i(FIcR~1YZyrM9pGV{0gz(|60<|I-85m%E
zPlmT>3cjN8|Dy3hjTIyV7(ksmQBYIhfRzHPJOcxR!em`5ZCMKj1_nz81_mnz1_o^g
z1_n?^Ntc0v!GM8*!Emy!wX}gX0|SE%0|Nu7G_Ye}V6bOkV31>AU;wpQ^cff!9Kg}S
b;6Sbgf*2M|PPF!%e9*djv!6{EGa~~4<`8;P
diff --git a/certexample.c b/certexample.c
index ab7dba1..b997503 100644
--- a/certexample.c
+++ b/certexample.c
@@ -36,6 +36,11 @@ int validate_CN_and_SAN(const char *url, X509 *cert);
int validate_not_before(X509 *cert);
int validate_not_after(X509 *cert);
int validate_certificate(const char *url, X509 *cert);
+int find_first_instanceof(const char *str, char delim);
+char *str_slice_to_end(const char *str, int begin);
+
+
+
int main(int argc, char **argv){
int LINE_BUFFER=100;
@@ -122,6 +127,7 @@ int main(int argc, char **argv){
}
exit(0);
}
+
char* get_basic_constraints(X509 *cert){
X509_EXTENSION *ex = X509_get_ext(cert, X509_get_ext_by_NID(cert, NID_basic_constraints, -1));
@@ -372,17 +378,29 @@ int validate_basic_constraints(char* basic_constraints){
}
int validate_wildcard_string(const char *hostname, char*hostname_with_wildcard){
- char **hostname_with_wildcard_split = str_split(hostname_with_wildcard, '.');
- char **hostname_split = str_split(hostname, '.');
- const char *hostname_with_wildcard_right = hostname_with_wildcard_split[1];
- const char *hostname_split_right = hostname_split[1];
+ char *hostname_with_wildcard_sliced = str_slice_to_end(hostname_with_wildcard, (find_first_instanceof(hostname_with_wildcard, '.')));
+ char *hostname_sliced = str_slice_to_end(hostname, (find_first_instanceof(hostname, '.')));
+
+
+
+
+
+
+
+ // char **hostname_with_wildcard_split = str_split(hostname_with_wildcard, '.');
+
+ // char **hostname_split = str_split(hostname, '.');
+
+ // const char *hostname_with_wildcard_right = hostname_with_wildcard_split[1];
+ // const char *hostname_split_right = hostname_split[1];
- if(strcasecmp(hostname_split_right, hostname_with_wildcard_right)==0){
- printf("\t\tWILDCARD FUNCTION\t\t%s == %s\n", hostname_split_right, hostname_with_wildcard_right);
+ if(strcasecmp(hostname_with_wildcard_sliced, hostname_sliced)==0){
+ printf("\t\tWILDCARD FUNCTION\t\t%s == %s\n", hostname_with_wildcard_sliced, hostname_sliced);
return 1;
}
+
return 0;
}
int validate_key_length(int length){
@@ -449,3 +467,24 @@ int validate_certificate(const char *url, X509 *cert){
return 0;
}
}
+
+int find_first_instanceof(const char *str, char delim){
+ int i;
+ for (i=0;i<=strlen(str);i++){
+ if(str[i]==delim){
+
+ return i;
+ }
+ }
+ return -1;
+}
+
+
+char *str_slice_to_end(const char *str, int begin){
+ char *tmp = (char *)str;
+
+ tmp = (tmp+=begin+1);
+
+ printf("\tSLICE: %s\n",tmp);
+ return tmp;
+}
--
GitLab