Compare IPAddress in commonName as string.

Added test for net::verifyHostname().
2025-04-06 05:57:36 +03:00 · 2012-04-01 16:42:38 +09:00 · 2012-04-01 16:42:38 +09:00 · b9471d7452
commit b9471d7452
parent b68e0a5527
2 changed files with 89 additions and 4 deletions
--- a/src/SocketCore.cc
+++ b/src/SocketCore.cc
@ -1330,16 +1330,15 @@ bool verifyHostname(const std::string& hostname,
                    const std::string& commonName)
 {
  if(util::isNumericHost(hostname)) {
+    if(ipAddrs.empty()) {
+      return commonName == hostname;
+    }
    // We need max 16 bytes to store IPv6 address.
    unsigned char binAddr[16];
    size_t addrLen = getBinAddr(binAddr, hostname);
    if(addrLen == 0) {
      return false;
    }
-    if(ipAddrs.empty()) {
-      return addrLen == commonName.size() &&
-        memcmp(binAddr, commonName.c_str(), addrLen) == 0;
-    }
    for(std::vector<std::string>::const_iterator i = ipAddrs.begin(),
          eoi = ipAddrs.end(); i != eoi; ++i) {
      if(addrLen == (*i).size() &&
--- a/test/SocketCoreTest.cc
+++ b/test/SocketCoreTest.cc
@ -16,6 +16,7 @@ class SocketCoreTest:public CppUnit::TestFixture {
  CPPUNIT_TEST(testGetSocketError);
  CPPUNIT_TEST(testInetNtop);
  CPPUNIT_TEST(testGetBinAddr);
+  CPPUNIT_TEST(testVerifyHostname);
  CPPUNIT_TEST_SUITE_END();
 public:
  void setUp() {}
@ -26,6 +27,7 @@ public:
  void testGetSocketError();
  void testInetNtop();
  void testGetBinAddr();
+  void testVerifyHostname();
 };


@ -123,4 +125,88 @@ void SocketCoreTest::testGetBinAddr()
  CPPUNIT_ASSERT_EQUAL((size_t)0, net::getBinAddr(dest, "localhost"));
 }

+void SocketCoreTest::testVerifyHostname()
+{
+  {
+    std::vector<std::string> dnsNames, ipAddrs;
+    std::string commonName;
+    CPPUNIT_ASSERT(!net::verifyHostname("example.org",
+                                        dnsNames, ipAddrs, commonName));
+  }
+  {
+    // Only commonName is provided
+    std::vector<std::string> dnsNames, ipAddrs;
+    std::string commonName = "example.org";
+    CPPUNIT_ASSERT(net::verifyHostname("example.org",
+                                       dnsNames, ipAddrs, commonName));
+  }
+  {
+    // Match against dNSName in subjectAltName
+    std::vector<std::string> dnsNames, ipAddrs;
+    dnsNames.push_back("foo");
+    dnsNames.push_back("example.org");
+    std::string commonName = "exampleX.org";
+    CPPUNIT_ASSERT(net::verifyHostname("example.org",
+                                       dnsNames, ipAddrs, commonName));
+  }
+  {
+    // If dNsName is provided, don't match with commonName
+    std::vector<std::string> dnsNames, ipAddrs;
+    dnsNames.push_back("foo");
+    dnsNames.push_back("exampleX.org");
+    ipAddrs.push_back("example.org");
+    std::string commonName = "example.org";
+    CPPUNIT_ASSERT(!net::verifyHostname("example.org",
+                                        dnsNames, ipAddrs, commonName));
+  }
+  {
+    // IPAddress in dnsName don't match.
+    std::vector<std::string> dnsNames, ipAddrs;
+    dnsNames.push_back("192.168.0.1");
+    std::string commonName = "example.org";
+    CPPUNIT_ASSERT(!net::verifyHostname("192.168.0.1",
+                                        dnsNames, ipAddrs, commonName));
+  }
+  {
+    // IPAddress string match with commonName
+    std::vector<std::string> dnsNames, ipAddrs;
+    std::string commonName = "192.168.0.1";
+    CPPUNIT_ASSERT(net::verifyHostname("192.168.0.1",
+                                       dnsNames, ipAddrs, commonName));
+  }
+  {
+    // Match against iPAddress in subjectAltName
+    std::vector<std::string> dnsNames, ipAddrs;
+    unsigned char binAddr[16];
+    size_t len;
+    len = net::getBinAddr(binAddr, "192.168.0.1");
+    ipAddrs.push_back(std::string(binAddr, binAddr+len));
+    std::string commonName = "example.org";
+    CPPUNIT_ASSERT(net::verifyHostname("192.168.0.1",
+                                       dnsNames, ipAddrs, commonName));
+  }
+  {
+    // Match against iPAddress (ipv6) in subjectAltName
+    std::vector<std::string> dnsNames, ipAddrs;
+    unsigned char binAddr[16];
+    size_t len;
+    len = net::getBinAddr(binAddr, "::1");
+    ipAddrs.push_back(std::string(binAddr, binAddr+len));
+    std::string commonName = "example.org";
+    CPPUNIT_ASSERT(net::verifyHostname("::1",
+                                       dnsNames, ipAddrs, commonName));
+  }
+  {
+    // If iPAddress is privided, don't match with commonName
+    std::vector<std::string> dnsNames, ipAddrs;
+    unsigned char binAddr[16];
+    size_t len;
+    len = net::getBinAddr(binAddr, "192.168.0.2");
+    ipAddrs.push_back(std::string(binAddr, binAddr+len));
+    std::string commonName = "192.168.0.1";
+    CPPUNIT_ASSERT(!net::verifyHostname("192.168.0.1",
+                                        dnsNames, ipAddrs, commonName));
+  }
+}
+
 } // namespace aria2