Module: wine Branch: master Commit: 24399bd3599101bc8f1600cf0c13a54483662bcc URL: http://source.winehq.org/git/wine.git/?a=commit;h=24399bd3599101bc8f1600cf0c... Author: Juan Lang <juan.lang(a)gmail.com> Date: Fri Oct 23 14:38:47 2009 -0700 crypt32: Support IPv6 addresses in name constraint comparison. --- dlls/crypt32/chain.c | 21 +++++++++++++++++++-- 1 files changed, 19 insertions(+), 2 deletions(-) diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c index 1b26bf3..e8f9de3 100644 --- a/dlls/crypt32/chain.c +++ b/dlls/crypt32/chain.c @@ -548,9 +548,13 @@ static BOOL ip_address_matches(const CRYPT_DATA_BLOB *constraint, TRACE("(%d, %p), (%d, %p)\n", constraint->cbData, constraint->pbData, name->cbData, name->pbData); - if (constraint->cbData != sizeof(DWORD) * 2) + /* RFC5280, section 4.2.1.10, iPAddress syntax: either 8 or 32 bytes, for + * IPv4 or IPv6 addresses, respectively. + */ + if (constraint->cbData != sizeof(DWORD) * 2 && constraint->cbData != 32) *trustErrorStatus |= CERT_TRUST_INVALID_NAME_CONSTRAINTS; - else if (name->cbData == sizeof(DWORD)) + else if (name->cbData == sizeof(DWORD) && + constraint->cbData == sizeof(DWORD) * 2) { DWORD subnet, mask, addr; @@ -562,6 +566,19 @@ static BOOL ip_address_matches(const CRYPT_DATA_BLOB *constraint, */ match = (subnet & mask) == (addr & mask); } + else if (name->cbData == 16 && constraint->cbData == 32) + { + const BYTE *subnet, *mask, *addr; + DWORD i; + + subnet = constraint->pbData; + mask = constraint->pbData + 16; + addr = name->pbData; + match = TRUE; + for (i = 0; match && i < 16; i++) + if ((subnet[i] & mask[i]) != (addr[i] & mask[i])) + match = FALSE; + } /* else: name is wrong size, no match */ return match;