Merge pull request #8996 from lealem47/match_ipv6

Add logic to match IPv6 domain addresses
David Garske
2025-07-22 13:42:15 -07:00
committed by GitHub
2 changed files with 39 additions and 0 deletions


@@ -12947,6 +12947,36 @@ int CipherRequires(byte first, byte second, int requirement)
#endif /* !NO_TLS */
#ifndef NO_CERTS
#if defined(WOLFSSL_IP_ALT_NAME) && !defined(WOLFSSL_USER_IO)
static int MatchIPv6(const char* pattern, int patternLen,
const char* str, word32 strLen)
{
WOLFSSL_SOCKADDR_IN6 addr1, addr2;
char patBuf[WOLFSSL_MAX_IPSTR];
char strBuf[WOLFSSL_MAX_IPSTR];
if ((word32)patternLen >= sizeof(patBuf) || strLen >= sizeof(strBuf))
return 0;
/* Make sure strings are null-terminated and safely copied */
XMEMCPY(patBuf, pattern, patternLen);
patBuf[patternLen] = '\0';
XMEMCPY(strBuf, str, strLen);
strBuf[strLen] = '\0';
XMEMSET(&addr1, 0, sizeof(addr1));
XMEMSET(&addr2, 0, sizeof(addr2));
/* Try parsing both as IPv6 */
if (XINET_PTON(WOLFSSL_IP6, patBuf, &addr1) != 1)
return 0;
if (XINET_PTON(WOLFSSL_IP6, strBuf, &addr2) != 1)
return 0;
/* Compare raw address bytes */
return XMEMCMP(&addr1, &addr2, sizeof(WOLFSSL_SOCKADDR_IN6)) == 0;
}
#endif /* WOLFSSL_IP_ALT_NAME && !WOLFSSL_USER_IO */
/* Match names with wildcards, each wildcard can represent a single name
component or fragment but not multiple names, i.e.,
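Review bot: In MatchIPv6, `XINET_PTON(WOLFSSL_IP6, patBuf, &addr1)` is given a `WOLFSSL_SOCKADDR_IN6`, but if XINET_PTON maps to inet_pton (its definition is not in this hunk), the AF_INET6 destination is a 16-byte `struct in6_addr`, not a socket address. The parsed bytes therefore land at offset 0, over the family, port and flowinfo fields. The comparison is correct only because both structs are zeroed first and the struct happens to be larger than 16 bytes. Since this result decides whether a certificate name matches the peer, I would declare `struct in6_addr addr1, addr2;` and return `XMEMCMP(&addr1, &addr2, sizeof(addr1)) == 0`. The `WOLFSSL_SOCKADDR_IN6` macro added in the header hunk would then be unnecessary.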
@@ -12966,6 +12996,12 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str,
if (pattern == NULL || str == NULL || patternLen <= 0 || strLen == 0)
return 0;
#if defined(WOLFSSL_IP_ALT_NAME) && !defined(WOLFSSL_USER_IO)
/* First try to match IPv6 addresses */
if (MatchIPv6(pattern, patternLen, str, strLen))
return 1;
#endif
while (patternLen > 0) {
/* Get the next pattern char to evaluate */
char p = (char)XTOLOWER((unsigned char)*pattern);
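Review bot: The IPv6 comparison added before the `while` loop runs for every pattern passed to MatchDomainName, and nothing in this hunk restricts it to patterns taken from an iPAddress SAN entry rather than a DNS name. Whether callers make that distinction is outside the visible lines. The function's header comment still describes only wildcard matching, so I would add a line such as `/* IPv6 literals are compared by parsed value, so different textual forms of one address match; all other input falls through to the wildcard rules below. */`. MatchDomainName starts and ends outside this hunk.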


@@ -959,6 +959,9 @@ WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);
#define WOLFSSL_IP6 AF_INET6
#endif
#ifndef WOLFSSL_SOCKADDR_IN6
#define WOLFSSL_SOCKADDR_IN6 struct sockaddr_in6
#endif
#ifdef __cplusplus
} /* extern "C" */