lib-ssl-iostream: Use net_addr2ip() to validate IP address in address verification
authorAki Tuomi <aki.tuomi@open-xchange.com>
Fri, 8 Apr 2022 09:48:09 +0000 (12:48 +0300)
committeraki.tuomi <aki.tuomi@open-xchange.com>
Thu, 14 Apr 2022 11:10:37 +0000 (11:10 +0000)
src/lib-ssl-iostream/iostream-openssl-common.c

index 1d0a484635b4538cdb67fd634c88d4ce7654748e..d8c2e36a8fc62d90787fa7aafec47c8096ee1a24 100644 (file)
@@ -183,13 +183,7 @@ bool openssl_cert_match_name(SSL *ssl, const char *verify_name,
        gnames = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
        count = gnames == NULL ? 0 : sk_GENERAL_NAME_num(gnames);
 
-       i_zero(&ip);
-       /* try to convert verify_name to IP */
-       if (inet_pton(AF_INET6, verify_name, &ip.u.ip6) == 1)
-               ip.family = AF_INET6;
-       else if (inet_pton(AF_INET, verify_name, &ip.u.ip4) == 1)
-               ip.family = AF_INET;
-       else
+       if (net_addr2ip(verify_name, &ip) < 0)
                i_zero(&ip);
 
        for (i = 0; i < count; i++) {
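Review bot: The `net_addr2ip(verify_name, &ip)` call that replaces the two `inet_pton()` attempts now decides whether the peer name is compared as an IP address or as a host name, so its accepted input grammar becomes part of certificate verification and should be pinned down at this call site. The body of net_addr2ip() is not visible in this hunk; if it accepts anything the strict `inet_pton()` forms rejected (bracketed IPv6 or shorthand IPv4, for instance), such a verify_name would now be classified as an IP, which changes which subjectAltName entries it can match. A comment above the call such as `/* ip.family stays 0 unless verify_name is a literal IP; see net_addr2ip() for the accepted forms */`, plus a unit test with non-canonical inputs, would make that contract explicit. `ip` is also no longer zeroed before a successful parse, so the loop below relies on net_addr2ip() setting every field it later reads. openssl_cert_match_name() starts and ends outside the hunk.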