From a1c9d0cc19491b747fbae2593b371a0f52d6729e Mon Sep 17 00:00:00 2001
From: Toni Uhlig
Date: Tue, 11 May 2021 13:46:09 +0200
Subject: Improved SSL certificate name wildcard handling and risk. #1182
Signed-off-by: Toni Uhlig
---
 src/lib/protocols/tls.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
(limited to 'src')
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 1fdaf5dee..cb8180166 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -497,8 +497,20 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
 if(matched_name == 0) {
 if(flow->protos.tls_quic_stun.tls_quic.client_requested_server_name[0] == '\0')
 matched_name = 1; /* No SNI */
- else if((dNSName[0] == '*') && strstr(flow->protos.tls_quic_stun.tls_quic.client_requested_server_name, &dNSName[1]))
- matched_name = 1;
+ else if (dNSName[0] == '*')
+ {
+ char * label = strstr(flow->protos.tls_quic_stun.tls_quic.client_requested_server_name, &dNSName[1]);
+
+ if (label != NULL)
+ {
+ char * first_dot = strchr(flow->protos.tls_quic_stun.tls_quic.client_requested_server_name, '.');
+
+ if (first_dot == NULL || first_dot >= label)
+ {
+ matched_name = 1;
+ }
+ }
+ }
 else if(strcmp(flow->protos.tls_quic_stun.tls_quic.client_requested_server_name, dNSName) == 0)
 matched_name = 1;
 }
-- cgit v1.2.3
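Review bot: The new wildcard branch still uses `strstr` on `&dNSName[1]`, so the certificate suffix is only required to appear somewhere in the SNI, not to terminate it; an SNI whose first label is followed by the certificate's domain plus further labels satisfies `first_dot >= label` and sets `matched_name = 1`, so the mismatch (which presumably feeds the certificate-mismatch risk this commit is about) goes unreported for that shape of name. The `first_dot == NULL` arm is also unreachable for a normal `*.` pattern, because `label` points at a dot and the first dot of the SNI can never lie past it, so the condition reduces to `first_dot == label`. A suffix-anchored comparison that also requires a single, non-empty leftmost label expresses the intent directly; both `strcmp` calls in the hunk are case-sensitive, which is only a concern if the SNI and dNSName are not normalized before reaching here (not visible in this hunk). `processCertificateElements` starts and ends outside the hunk.
```c
      else if (dNSName[0] == '*')
      {
        const char *sni = flow->protos.tls_quic_stun.tls_quic.client_requested_server_name;
        const char *suffix = &dNSName[1];
        size_t sni_len = strlen(sni), suffix_len = strlen(suffix);

        /* the wildcard stands for exactly one non-empty label, and the
           remainder of the dNSName must be the tail of the SNI */
        if (sni_len > suffix_len &&
            strcmp(sni + sni_len - suffix_len, suffix) == 0 &&
            memchr(sni, '.', sni_len - suffix_len) == NULL)
        {
          matched_name = 1;
        }
      }
      /* … unchanged: exact-match strcmp branch … */
```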