Bug 903885, address requests to clarify comments from wtc
authorKai Engert <kaie@kuix.de>
Wed, 05 Mar 2014 18:38:55 +0100
changeset 11063 709d4e597979d472de3d2dd7ddc046a7b22bfa62
parent 11062 f33acaba0f193b6e24cd0e0a7e96bd168c1fe72c
child 11064 2938ac9193a7ea1360d9cda0717a23ab8bc8a59c
push id319
push userkaie@kuix.de
push dateWed, 05 Mar 2014 17:39:02 +0000
bugs903885
Bug 903885, address requests to clarify comments from wtc DONTBUILD
lib/certdb/certdb.c
--- a/lib/certdb/certdb.c
+++ b/lib/certdb/certdb.c
@@ -1389,18 +1389,18 @@ cert_TestHostName(char * cn, const char 
 
 	/* For a cn pattern to be considered valid, the wildcard character...
 	 * - may occur only in a DNS name with at least 3 components, and
 	 * - may occur only as last character in the first component, and
 	 * - may be preceded by additional characters, and
 	 * - must not be preceded by an IDNA ACE prefix (xn--)
 	 */
 	if (wildcard && secondcndot && secondcndot[1] && firsthndot 
-	    && firstcndot  - wildcard  == 1 /* no chars between * and . */
-	    && secondcndot - firstcndot > 1 /* not .. */
+	    && firstcndot  - wildcard  == 1 /* wildcard is last char in first component */
+	    && secondcndot - firstcndot > 1 /* second component is non-empty */
 	    && PORT_Strrchr(cn, '*') == wildcard /* only one wildcard in cn */
 	    && !PORT_Strncasecmp(cn, hn, wildcard - cn)
 	    && !PORT_Strcasecmp(firstcndot, firsthndot)
 	       /* If hn starts with xn--, then cn must start with wildcard */
 	    && (PORT_Strncasecmp(hn, "xn--", 4) || wildcard == cn)) {
 	    /* valid wildcard pattern match */
 	    return SECSuccess;
 	}
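Review bot: The last bullet of the block comment above the condition, `must not be preceded by an IDNA ACE prefix (xn--)`, describes the certificate pattern, but the final clause tests the host name: `PORT_Strncasecmp(hn, "xn--", 4) || wildcard == cn`. Together with the prefix comparison on the line before it, this rejects every partial-label wildcard whenever hn begins with xn--, including prefixes shorter than the ACE prefix, which is stricter than the bullet says. Since this commit is already tightening these comments, the bullet could read `- must be the first character of cn when the host name starts with an IDNA ACE prefix (xn--)`. cert_TestHostName starts and ends outside the hunk, so how firsthndot and the cn dot pointers are computed is not visible here.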