This is an automated email from the ASF dual-hosted git repository.

shinrich pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
     new 1c86881  Regex name checks on ssl_server_name should be anchored.
1c86881 is described below

commit 1c8688176b239334853dd8695788a8405758dcaa
Author: Susan Hinrichs <shinr...@oath.com>
AuthorDate: Mon Mar 18 22:15:58 2019 +0000

    Regex name checks on ssl_server_name should be anchored.
---
 iocore/net/P_SSLSNI.h                         |  2 +-
 tests/gold_tests/tls/tls_client_cert2.test.py | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/iocore/net/P_SSLSNI.h b/iocore/net/P_SSLSNI.h
index 78d054e..14c2394 100644
--- a/iocore/net/P_SSLSNI.h
+++ b/iocore/net/P_SSLSNI.h
@@ -77,7 +77,7 @@ public:
     const char *err_ptr;
     int err_offset = 0;
     if (!regexName.empty()) {
-      match = pcre_compile(regexName.c_str(), 0, &err_ptr, &err_offset, 
nullptr);
+      match = pcre_compile(regexName.c_str(), PCRE_ANCHORED, &err_ptr, 
&err_offset, nullptr);
     } else {
       match = nullptr;
     }
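Review bot: `PCRE_ANCHORED` in the new `pcre_compile` call only pins the match to the start of the subject and does not require it to reach the end. A pattern built from `foo.com` can therefore presumably still match a longer name such as `foo.com.example.test` (constructed example), unless the `pcre_exec` caller, which is outside this hunk, compares the match end with the name length. If it does not, either append `$` where `regexName` is built and compile with `PCRE_ANCHORED | PCRE_DOLLAR_ENDONLY`, or reject any match whose `ovector[1]` differs from the subject length. It is also worth confirming that a literal `.` in the configured name is escaped before compilation, since an unescaped `.` matches any character. The enclosing function begins and ends outside the hunk.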
diff --git a/tests/gold_tests/tls/tls_client_cert2.test.py 
b/tests/gold_tests/tls/tls_client_cert2.test.py
index 05ee893..125e969 100644
--- a/tests/gold_tests/tls/tls_client_cert2.test.py
+++ b/tests/gold_tests/tls/tls_client_cert2.test.py
@@ -96,6 +96,9 @@ ts.Disk.ssl_server_name_yaml.AddLines([
     '- fqdn: "*bar.com"',
     '  client_cert: {0}/signed2-bar.pem'.format(ts.Variables.SSLDir),
     '  client_key: {0}/signed-bar.key'.format(ts.Variables.SSLDir),
+    '- fqdn: "foo.com"',
+    '  client_cert: {0}/signed2-foo.pem'.format(ts.Variables.SSLDir),
+    '  client_key: {0}/signed-foo.key'.format(ts.Variables.SSLDir),
 ])
 
 
@@ -156,3 +159,21 @@ trfail.Processes.Default.Command = 'curl -H 
host:random.bar.com  http://127.0.0.
 trfail.Processes.Default.ReturnCode = 0
 trfail.Processes.Default.Streams.stdout = Testers.ContainsExpression("Could 
Not Connect", "Check response")
 
+# Should fail
+tr = Test.AddTestRun("random.foo.com to server 2")
+tr.StillRunningAfter = ts
+tr.StillRunningAfter = server
+tr.StillRunningAfter = server2
+tr.Processes.Default.Command = "curl -H host:random.foo.com  
http://127.0.0.1:{0}/case2".format(ts.Variables.port)
+tr.Processes.Default.ReturnCode = 0
+tr.Processes.Default.Streams.stdout = Testers.ContainsExpression("Could Not 
Connect", "Check response")
+
+#Should fail
+trfail = Test.AddTestRun("random.foo.com to server 1")
+trfail.StillRunningAfter = ts
+trfail.StillRunningAfter = server
+trfail.StillRunningAfter = server2
+trfail.Processes.Default.Command = 'curl -H host:random.foo.com  
http://127.0.0.1:{0}/case1'.format(ts.Variables.port)
+trfail.Processes.Default.ReturnCode = 0
+trfail.Processes.Default.Streams.stdout = Testers.ContainsExpression("Could 
Not Connect", "Check response")
+
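Review bot: The two new runs only cover a name with extra leading labels (`random.foo.com`), so nothing exercises a name with trailing text after `foo.com`, which is the other half of an anchored match. There is also no positive run here showing that `host:foo.com` itself still selects the new entry. The `# Should fail` comments do not say what fails while `ReturnCode = 0` is expected; something like `# curl exits 0, but the body should contain "Could Not Connect" because random.foo.com must not match the exact "foo.com" entry` would make the intent clear. The second comment is written `#Should fail` without the space.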
