diff --git a/src/internal.c b/src/internal.c
index 44cca779c..5d6a8fe3a 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -10168,23 +10168,22 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN)
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
 /* check if alt name is stored as IP addr octet */
 if (altName->type == ASN_IP_TYPE) {
- char tmp[4];
- int i;
- word32 idx = 0;
- for (i = 0; (idx < WOLFSSL_MAX_IPSTR) && (i < altName->len); i++) {
- XMEMSET(tmp, 0, sizeof(tmp));
- XSNPRINTF(tmp, sizeof(tmp), (altName->len <= 4) ? "%u" : "%02X",
- altName->name[i]);
- idx += (word32)XSTRLEN(tmp);
- XSTRNCAT(name, tmp, (altName->len <= 4) ? 3 : 2);
- if ((idx < WOLFSSL_MAX_IPSTR ) && ((i + 1) < altName->len)) {
- name[idx++] = (altName->len <= 4) ? '.' : ':';
+ const unsigned char *ip = (const unsigned char*)altName->name;
+ if (altName->len == WOLFSSL_IP4_ADDR_LEN) {
+ XSNPRINTF(name, sizeof(name), "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]);
+ }
+ else if (altName->len == WOLFSSL_IP6_ADDR_LEN) {
+ int i;
+ for (i = 0; i < 8; i++) {
+ XSNPRINTF(name + i * 5, sizeof(name) - i * 5, "%02X%02X%s",
+ ip[2 * i], ip[2 * i + 1], (i < 7) ? ":" : "");
 }
 }
- if (idx >= WOLFSSL_MAX_IPSTR) {
- idx = WOLFSSL_MAX_IPSTR -1;
+ else {
+ WOLFSSL_MSG("\tnot an IPv4 or IPv6 address");
+ altName = altName->next;
+ continue;
 }
- name[idx] = '\0';
 buf = name;
 len = (word32)XSTRLEN(name);
 }
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index b4f5daea8..d9b0812fe 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -570,6 +570,8 @@ struct WOLFSSL_X509_STORE {
 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
 defined(WOLFSSL_WPAS_SMALL) || defined(WOLFSSL_IP_ALT_NAME)
 #define WOLFSSL_MAX_IPSTR 46 /* max ip size IPv4 mapped IPv6 */
+ #define WOLFSSL_IP4_ADDR_LEN 4
+ #define WOLFSSL_IP6_ADDR_LEN 16
 #endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
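Review bot: In the src/internal.c hunk, the IPv6 branch writes one fixed text form into `name` (eight groups of four upper-case hex digits, no `::` compression), and the comparison against `domain` happens after the hunk. If that comparison is a plain string match, a caller-supplied name such as `2001:db8::1` would fail verification against a valid certificate, which tends to push users toward disabling the check. Comparing the raw 4- or 16-byte address against a parsed `domain` would avoid the text round trip; at minimum add a comment such as `/* IPv6 rendered fully expanded, upper-case hex, no "::" compression; domain must use the same form */`. The loop also hard-codes a stride of 5 and a count of 8 and ignores the `XSNPRINTF` results, which is only safe while `name` is a true array of at least 40 bytes. `name` is declared outside the hunk and CheckForAltNames starts and ends outside it, so that assumption deserves a comment or a compile-time check tied to `WOLFSSL_MAX_IPSTR`.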