This is an automated email from the ASF dual-hosted git repository. shinrich pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push: new 1c86881 Regex name checks on ssl_server_name should be anchored. 1c86881 is described below commit 1c8688176b239334853dd8695788a8405758dcaa Author: Susan Hinrichs <shinr...@oath.com> AuthorDate: Mon Mar 18 22:15:58 2019 +0000 Regex name checks on ssl_server_name should be anchored.
---
 iocore/net/P_SSLSNI.h | 2 +-
 tests/gold_tests/tls/tls_client_cert2.test.py | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/iocore/net/P_SSLSNI.h b/iocore/net/P_SSLSNI.h
index 78d054e..14c2394 100644
--- a/iocore/net/P_SSLSNI.h
+++ b/iocore/net/P_SSLSNI.h
@@ -77,7 +77,7 @@ public:
 const char *err_ptr;
 int err_offset = 0;
 if (!regexName.empty()) {
- match = pcre_compile(regexName.c_str(), 0, &err_ptr, &err_offset, nullptr);
+ match = pcre_compile(regexName.c_str(), PCRE_ANCHORED, &err_ptr, &err_offset, nullptr);
 } else {
 match = nullptr;
 }
diff --git a/tests/gold_tests/tls/tls_client_cert2.test.py b/tests/gold_tests/tls/tls_client_cert2.test.py
index 05ee893..125e969 100644
--- a/tests/gold_tests/tls/tls_client_cert2.test.py
+++ b/tests/gold_tests/tls/tls_client_cert2.test.py
@@ -96,6 +96,9 @@ ts.Disk.ssl_server_name_yaml.AddLines([
 '- fqdn: "*bar.com"',
 ' client_cert: {0}/signed2-bar.pem'.format(ts.Variables.SSLDir),
 ' client_key: {0}/signed-bar.key'.format(ts.Variables.SSLDir),
+ '- fqdn: "foo.com"',
+ ' client_cert: {0}/signed2-foo.pem'.format(ts.Variables.SSLDir),
+ ' client_key: {0}/signed-foo.key'.format(ts.Variables.SSLDir),
 ])
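Review bot: `PCRE_ANCHORED` on the new `pcre_compile` line pins only the start of the match, so a server name that merely begins with the configured pattern can still satisfy it unless the end of the match is checked somewhere outside this hunk. If neither the code that builds `regexName` nor the `pcre_exec` caller enforces a full-length match, close the pattern here, e.g. `std::string full = "(?:" + regexName + ")$";` followed by `match = pcre_compile(full.c_str(), PCRE_ANCHORED, &err_ptr, &err_offset, nullptr);`. The runs added in tls_client_cert2.test.py exercise only extra leading labels (`random.foo.com`), so a run with extra trailing labels after the configured name would pin this behaviour. The enclosing method starts and ends outside the hunk, and whether a null `match` with `err_ptr` set is reported to the operator is not visible here.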
@@ -156,3 +159,21 @@ trfail.Processes.Default.Command = 'curl -H host:random.bar.com http://127.0.0.
 trfail.Processes.Default.ReturnCode = 0
 trfail.Processes.Default.Streams.stdout = Testers.ContainsExpression("Could Not Connect", "Check response")
 
+# Should fail
+tr = Test.AddTestRun("random.foo.com to server 2")
+tr.StillRunningAfter = ts
+tr.StillRunningAfter = server
+tr.StillRunningAfter = server2
+tr.Processes.Default.Command = "curl -H host:random.foo.com http://127.0.0.1:{0}/case2".format(ts.Variables.port)
+tr.Processes.Default.ReturnCode = 0
+tr.Processes.Default.Streams.stdout = Testers.ContainsExpression("Could Not Connect", "Check response")
+
+#Should fail
+trfail = Test.AddTestRun("random.foo.com to server 1")
+trfail.StillRunningAfter = ts
+trfail.StillRunningAfter = server
+trfail.StillRunningAfter = server2
+trfail.Processes.Default.Command = 'curl -H host:random.foo.com http://127.0.0.1:{0}/case1'.format(ts.Variables.port)
+trfail.Processes.Default.ReturnCode = 0
+trfail.Processes.Default.Streams.stdout = Testers.ContainsExpression("Could Not Connect", "Check response")
+
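Review bot: Both new runs expect "Could Not Connect", so they would still pass if the added `foo.com` entry never matched any name at all. Unless a run outside this hunk already covers it, add a positive run with `-H host:foo.com` that expects the normal response, so the exact-name case is tested alongside the two rejections. The `# Should fail` comments could state the reason, for example `# random.foo.com must not match the exact "foo.com" entry, so the foo client cert is not offered` (inferred from the commit title; confirm against the server setup earlier in the file). The second run also rebinds `trfail`, which the preceding bar.com run already uses, and a distinct name would make a failing run easier to attribute.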