nghttpx: Fix numeric hostname verification

2025-12-06 18:18:52 +08:00 · 2023-03-15 20:54:56 +09:00
parent ef7bb8ef9f
commit cc14400096
1 changed files with 4 additions and 1 deletions
--- a/src/shrpx_tls.cc
+++ b/src/shrpx_tls.cc
@@ -1817,12 +1817,15 @@ namespace {
 int verify_numeric_hostname(X509 *cert, const StringRef &hostname,
                            const Address *addr) {
  const void *saddr;
+  size_t saddrlen;
  switch (addr->su.storage.ss_family) {
  case AF_INET:
    saddr = &addr->su.in.sin_addr;
+    saddrlen = sizeof(addr->su.in.sin_addr);
    break;
  case AF_INET6:
    saddr = &addr->su.in6.sin6_addr;
+    saddrlen = sizeof(addr->su.in6.sin6_addr);
    break;
  default:
    return -1;
@@ -1847,7 +1850,7 @@ int verify_numeric_hostname(X509 *cert, const StringRef &hostname,
      size_t ip_addrlen = altname->d.iPAddress->length;

      ip_found = true;
-      if (addr->len == ip_addrlen && memcmp(saddr, ip_addr, ip_addrlen) == 0) {
+      if (saddrlen == ip_addrlen && memcmp(saddr, ip_addr, ip_addrlen) == 0) {
        return 0;
      }
    }