subjectaltnameaddr() in tlscommon.c is passed a struct in6_addr * as a parameter. Near the end of the function, it calls memcmp() to compare that address to one found in the certificate, however, it is taking the address of the argument, meaning it's passing a struct in6_addr ** to memcmp(), which is incorrect. Fix is to remove the & from addr in the memcmp.
I've just found the github repository, and submitted a pull request for this.
-----Original Message----- From: radsecproxy [mailto:radsecproxy-bounces@lists.nordu.net] On Behalf Of Wall, Stephen Sent: Wednesday, June 27, 2018 9:32 AM To: radsecproxy@lists.nordu.net Subject: [radsecproxy] Bug in certificate validation
subjectaltnameaddr() in tlscommon.c is passed a struct in6_addr * as a parameter. Near the end of the function, it calls memcmp() to compare that address to one found in the certificate, however, it is taking the address of the argument, meaning it's passing a struct in6_addr ** to memcmp(), which is incorrect. Fix is to remove the & from addr in the memcmp. _______________________________________________ radsecproxy mailing list radsecproxy@lists.nordu.net https://lists.nordu.net/listinfo/radsecproxy
-
Wall, Stephen