From 533328f6a4d5af8b5c7428919920f314ab9b14f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=AF=9B=E5=AE=87=E9=94=8B?=
Date: Tue, 27 Sep 2022 07:04:14 +0000
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8DCVE-2020-36477?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 毛宇锋
---
 include/mbedtls/x509.h | 22 ++++++++++++++++++++++
 library/x509_crt.c | 21 ++++++++++++++++++++-
 2 files changed, 42 insertions(+), 1 deletion(-)
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 5bb9b0029..87243c6ef 100755
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -131,6 +131,28 @@
 #define MBEDTLS_X509_BADCRL_BAD_PK 0x040000 /**< The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
 #define MBEDTLS_X509_BADCRL_BAD_KEY 0x080000 /**< The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */
+/*
+ * X.509 v3 Subject Alternative Name types.
+ * otherName [0] OtherName,
+ * rfc822Name [1] IA5String,
+ * dNSName [2] IA5String,
+ * x400Address [3] ORAddress,
+ * directoryName [4] Name,
+ * ediPartyName [5] EDIPartyName,
+ * uniformResourceIdentifier [6] IA5String,
+ * iPAddress [7] OCTET STRING,
+ * registeredID [8] OBJECT IDENTIFIER
+ */
+#define MBEDTLS_X509_SAN_OTHER_NAME 0
+#define MBEDTLS_X509_SAN_RFC822_NAME 1
+#define MBEDTLS_X509_SAN_DNS_NAME 2
+#define MBEDTLS_X509_SAN_X400_ADDRESS_NAME 3
+#define MBEDTLS_X509_SAN_DIRECTORY_NAME 4
+#define MBEDTLS_X509_SAN_EDI_PARTY_NAME 5
+#define MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER 6
+#define MBEDTLS_X509_SAN_IP_ADDRESS 7
+#define MBEDTLS_X509_SAN_REGISTERED_ID 8
+
 /* \} name */
 /* \} addtogroup x509_module */
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 14c53fcbf..644e71c81 100755
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
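Review bot: The new MBEDTLS_X509_SAN_* constants are the bare GeneralName CHOICE tag numbers ([0]..[8]), but the comment block above them never says that a caller must strip the tag class bits before comparing, so a reader who compares a raw context-specific tag (which carries the 0x80 class bit) against MBEDTLS_X509_SAN_DNS_NAME gets a silent never-match. Suggest closing the comment with `* These are the tag numbers of the GeneralName CHOICE; compare against ( tag & MBEDTLS_ASN1_TAG_VALUE_MASK ), never against the raw tag.` The block is also inserted before the `/* \} name */` and `/* \} addtogroup x509_module */` lines, i.e. inside whatever Doxygen group those close (its opening is outside the hunk, and the surrounding lines suggest it is the error-code group); placing it after those two lines would keep the generated docs grouped correctly.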
@@ -2452,6 +2452,25 @@ static int x509_crt_check_cn( const mbedtls_x509_buf *name,
 return( -1 );
 }
+/*
+ * Check for SAN match, see RFC 5280 Section 4.2.1.6
+ */
+static int x509_crt_check_san( const mbedtls_x509_buf *name,
+ const char *cn, size_t cn_len )
+{
+ const unsigned char san_type = (unsigned char) name->tag &
+ MBEDTLS_ASN1_TAG_VALUE_MASK;
+
+ /* dNSName */
+ if( san_type == MBEDTLS_X509_SAN_DNS_NAME )
+ return( x509_crt_check_cn( name, cn, cn_len ) );
+
+ /* (We may handle other types here later.) */
+
+ /* Unrecognized type */
+ return( -1 );
+ }
+
 /*
 * Verify the requested CN - only call this if cn is not NULL!
 */
@@ -2467,7 +2486,7 @@ static void x509_crt_verify_name( const mbedtls_x509_crt *crt,
 {
 for( cur = &crt->subject_alt_names; cur != NULL; cur = cur->next )
 {
- if( x509_crt_check_cn( &cur->buf, cn, cn_len ) == 0 )
+ if( x509_crt_check_san( &cur->buf, cn, cn_len ) == 0 )
 break;
 }
-- Gitee
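Review bot: x509_crt_check_san keys only on the tag number (`name->tag & MBEDTLS_ASN1_TAG_VALUE_MASK`) and never checks the tag class, so any subject_alt_names entry whose tag number is 2 — a universal INTEGER (0x02) as much as the context-specific [2] (0x82) — is treated as a dNSName and handed to x509_crt_check_cn. Whether such an entry can reach this function depends on the SAN extension parser, which is outside this hunk; if that parser does not already reject non-context-specific GeneralName tags, a guard before the dNSName comparison is cheap defence in depth, e.g. `if( ( name->tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) != MBEDTLS_ASN1_CONTEXT_SPECIFIC ) return( -1 );` using the class-mask constants that accompany MBEDTLS_ASN1_TAG_VALUE_MASK in asn1.h (verify they exist at this version). The cast in `(unsigned char) name->tag & MBEDTLS_ASN1_TAG_VALUE_MASK` binds to `name->tag` alone, which works only because the masked result fits a byte; `(unsigned char)( name->tag & MBEDTLS_ASN1_TAG_VALUE_MASK )` says what is meant. The trailing `/* Unrecognized type */` is misleading for iPAddress, rfc822Name and the other well-known types this deliberately rejects; `/* Any other GeneralName type never matches a hostname (this is the CVE-2020-36477 fix) */` documents the security intent. The second hunk's x509_crt_verify_name starts and ends outside the diff.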