alter search behavior for testing if URI is a absolute path

2018-05-09 14:43:52 -06:00 · 2018-05-09 14:43:52 -06:00 · d1192021a5
commit d1192021a5
parent bb979980ca
1 changed files with 22 additions and 3 deletions
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@ -5717,9 +5717,28 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert)
            /* Verify RFC 5280 Sec 4.2.1.6 rule:
                "The name MUST NOT be a relative URI" */

-            if (XSTRNSTR((const char*)&input[idx], "://", strLen + 1) == NULL) {
-                WOLFSSL_MSG("\tAlt Name must be absolute URI");
-                return ASN_ALT_NAME_E;
+            {
+                int i;
+
+                /* skip past scheme (i.e http,ftp,...) finding first ':' char */
+                for (i = 0; i < strLen; i++) {
+                    if (input[idx + i] == ':') {
+                        break;
+                    }
+                    if (input[idx + i] == '/') {
+                        i = strLen; /* error, found relative path since '/' was
+                                     * encountered before ':'. Returning error
+                                     * value in next if statement. */
+                    }
+                }
+
+                /* test if no ':' char was found and test that the next two
+                 * chars are // to match the pattern "://" */
+                if (i == strLen || (input[idx + i + 1] != '/' ||
+                                    input[idx + i + 2] != '/')) {
+                    WOLFSSL_MSG("\tAlt Name must be absolute URI");
+                    return ASN_ALT_NAME_E;
+                }
            }
        #endif