Line | Source | Count |
1 | | - |
2 | | - |
3 | | - |
4 | | - |
5 | | - |
/*
 * Compare a name taken from a certificate (cert_name) with the name the
 * caller expects (name).  Returns 0 on a match, -1 otherwise.
 *
 * Both comparisons are case-insensitive.  A wildcard is honoured only as
 * the whole left-most label ("*.domain.tld", "*.sub.domain.tld", ...) and
 * it stands for exactly one label of name.  The pattern must keep at least
 * two labels after the "*", so "*.tld" is refused.
 *
 * Coverage note from the report this listing came from: the "*foo",
 * "*..", "*.bar.." and "name has no domain part" rejections were never
 * taken by the test, so each deserves its own negative test case.
 */
static int
tls_match_name(const char *cert_name, const char *name)
{
	const char *pattern_tail, *second_dot, *name_tail;

	/* Identical names (ignoring case) match outright. */
	if (strcasecmp(cert_name, name) == 0)
		return 0;

	/* From here on only a leading wildcard can produce a match. */
	if (cert_name[0] != '*')
		return -1;

	/* Everything after the '*'; must look like ".label.label...". */
	pattern_tail = cert_name + 1;

	/* Refuse a bare "*" and partial-label wildcards such as "*foo". */
	if (pattern_tail[0] != '.')
		return -1;

	/* Refuse "*..": the label after the wildcard may not be empty. */
	if (pattern_tail[1] == '.')
		return -1;

	/* Refuse "*.bar": a wildcard directly under a single label. */
	second_dot = strchr(pattern_tail + 1, '.');
	if (second_dot == NULL)
		return -1;

	/* Refuse "*.bar..": no empty label further down either. */
	if (second_dot[1] == '.')
		return -1;

	/* The wildcard needs a non-empty host label in name to stand for. */
	if (name[0] == '.')
		return -1;

	/* name needs a non-empty domain part after its first label. */
	name_tail = strchr(name, '.');
	if (name_tail == NULL || name_tail[1] == '\0')
		return -1;

	/*
	 * Compare everything from the first dot onwards, so the wildcard
	 * covers one label only and never spans a dot.
	 */
	return strcasecmp(pattern_tail, name_tail) == 0 ? 0 : -1;
}
85 | | - |
86 | | - |
87 | | - |
88 | | - |
89 | | - |
90 | | - |
/*
 * Search the certificate's subjectAltName extension for an entry that
 * matches name.
 *
 * name is first tried as an IPv4 and then as an IPv6 literal.  If either
 * parse succeeds only iPAddress entries are considered and compared as
 * raw bytes; otherwise only dNSName entries are considered and compared
 * with tls_match_name().
 *
 * Outputs:
 *   *alt_match  - set to 1 when an entry matches, else left at 0.
 *   *alt_exists - set to 1 as soon as any dNSName or iPAddress entry is
 *                 seen, whether or not it matches (presumably so the
 *                 caller can decide about a Common Name fallback; the
 *                 caller is not part of this listing).
 *
 * Returns 0 normally, including when the extension is absent, and -1
 * with an error set on ctx when an entry is malformed: a dNSName holding
 * an embedded NUL byte, a dNSName of " ", or a negative iPAddress length.
 *
 * The numeric constants are the preprocessed values shown in the listing:
 * 85 = NID_subject_alt_name, 2 = GEN_DNS, 7 = GEN_IPADD,
 * 22 = V_ASN1_IA5STRING, and 2 / 10 = AF_INET / AF_INET6 on the platform
 * the report was built on.
 *
 * Coverage note from the report this listing came from: the
 * non-IA5String dNSName path, both negative-length checks and an
 * iPAddress mismatch were never exercised by the test.
 */
static int
tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name,
    int *alt_match, int *alt_exists)
{
	struct stack_st_GENERAL_NAME *altname_stack;
	_STACK *entries;
	union tls_addr addrbuf;
	int want_type, want_len;
	int total, idx;
	int rv = 0;

	*alt_match = 0;
	*alt_exists = 0;

	altname_stack = X509_get_ext_d2i(cert, 85, NULL, NULL);
	if (altname_stack == NULL)
		return 0;

	/* Untyped view of the same stack for the generic sk_*() calls. */
	entries = (_STACK *)altname_stack;

	/* Decide which kind of entry name can be compared against. */
	want_type = 7;
	if (inet_pton(2, name, &addrbuf) == 1) {
		want_len = 4;
	} else if (inet_pton(10, name, &addrbuf) == 1) {
		want_len = 16;
	} else {
		want_type = 2;
		want_len = 0;
	}

	total = sk_num(entries);
	for (idx = 0; idx < total; idx++) {
		GENERAL_NAME *entry = (GENERAL_NAME *)sk_value(entries, idx);

		if (entry->type == 2 || entry->type == 7)
			*alt_exists = 1;

		/* Never compare a host name with an address or vice versa. */
		if (entry->type != want_type)
			continue;

		if (want_type == 2) {
			const char *dns;
			int dns_len;

			/* A dNSName that is not an IA5String is skipped. */
			if (ASN1_STRING_type(entry->d.dNSName) != 22)
				continue;

			dns = (const char *)ASN1_STRING_data(entry->d.dNSName);
			dns_len = ASN1_STRING_length(entry->d.dNSName);

			/*
			 * The ASN.1 length must agree with the C string
			 * length.  A mismatch means an embedded NUL, which
			 * would make the string comparison below look at a
			 * truncated name.
			 */
			if (dns_len < 0 || (size_t)dns_len != strlen(dns)) {
				tls_set_errorx(ctx,
				    "error verifying name '%s': "
				    "NUL byte in subjectAltName, "
				    "probably a malicious certificate",
				    name);
				rv = -1;
				break;
			}

			/* A dNSName consisting of one space is refused. */
			if (strcmp(dns, " ") == 0) {
				tls_set_errorx(ctx,
				    "error verifying name '%s': "
				    "a dNSName of \" \" must not be "
				    "used", name);
				rv = -1;
				break;
			}

			if (tls_match_name(dns, name) == 0) {
				*alt_match = 1;
				break;
			}
		} else if (want_type == 7) {
			int ip_len = ASN1_STRING_length(entry->d.iPAddress);
			unsigned char *ip =
			    ASN1_STRING_data(entry->d.iPAddress);

			if (ip_len < 0) {
				tls_set_errorx(ctx,
				    "Unexpected negative length for an "
				    "IP address: %d", ip_len);
				rv = -1;
				break;
			}

			/*
			 * Byte-for-byte comparison with the parsed address;
			 * the length check keeps memcmp() inside the entry.
			 */
			if (ip_len == want_len &&
			    memcmp(ip, &addrbuf, want_len) == 0) {
				*alt_match = 1;
				break;
			}
		}
	}

	/* Every exit from the loop frees the decoded stack and its entries. */
	sk_pop_free(entries, (void (*)(void *))GENERAL_NAME_free);
	return rv;
}
301 | | - |
302 | static int | - |
303 | tls_check_common_name(struct tls *ctx, X509 *cert, const char *name, | - |
304 | int *cn_match) | - |
305 | { | - |
306 | X509_NAME *subject_name; | - |
307 | char *common_name = | - |
308 | ((void *)0) | - |
309 | ; | - |
310 | union tls_addr addrbuf; | - |
311 | int common_name_len; | - |
312 | int rv = 0; | - |
313 | | - |
314 | *cn_match = 0; | - |
315 | | - |
316 | subject_name = X509_get_subject_name(cert); | - |
317 | if (subject_name == TRUE | never evaluated | FALSE | evaluated 15 times by 1 test |
| 0-15 |
318 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 15 times by 1 test |
| 0-15 |
319 | ) | - |
320 | goto never executed: goto done; done;never executed: goto done; | 0 |
321 | | - |
322 | common_name_len = X509_NAME_get_text_by_NID(subject_name, | - |
323 | 13, | - |
324 | ((void *)0) | - |
325 | , 0); | - |
326 | if (common_name_len < 0TRUE | never evaluated | FALSE | evaluated 15 times by 1 test |
) | 0-15 |
327 | goto never executed: goto done; done;never executed: goto done; | 0 |
328 | | - |
329 | common_name = calloc(common_name_len + 1, 1); | - |
330 | if (common_name == TRUE | never evaluated | FALSE | evaluated 15 times by 1 test |
| 0-15 |
331 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 15 times by 1 test |
| 0-15 |
332 | ) | - |
333 | goto never executed: goto done; done;never executed: goto done; | 0 |
334 | | - |
335 | X509_NAME_get_text_by_NID(subject_name, 13, common_name, | - |
336 | common_name_len + 1); | - |
337 | | - |
338 | | - |
339 | if (common_name_len < 0TRUE | never evaluated | FALSE | evaluated 15 times by 1 test |
|| | 0-15 |
340 | (TRUE | evaluated 1 time by 1 test | FALSE | evaluated 14 times by 1 test |
size_t)common_name_len != strlen(common_name)TRUE | evaluated 1 time by 1 test | FALSE | evaluated 14 times by 1 test |
) { | 1-14 |
341 | tls_set_errorx(ctx, "error verifying name '%s': " | - |
342 | "NUL byte in Common Name field, " | - |
343 | "probably a malicious certificate", name); | - |
344 | rv = -1; | - |
345 | gotoexecuted 1 time by 1 test: goto done; done;executed 1 time by 1 test: goto done; | 1 |
346 | } | - |
347 | | - |
348 | | - |
349 | | - |
350 | | - |
351 | | - |
352 | if (inet_pton(TRUE | evaluated 2 times by 1 test | FALSE | evaluated 12 times by 1 test |
| 2-12 |
353 | 2TRUE | evaluated 2 times by 1 test | FALSE | evaluated 12 times by 1 test |
| 2-12 |
354 | , name, &addrbuf) == 1TRUE | evaluated 2 times by 1 test | FALSE | evaluated 12 times by 1 test |
|| | 2-12 |
355 | inet_pton(TRUE | evaluated 1 time by 1 test | FALSE | evaluated 11 times by 1 test |
| 1-11 |
356 | 10TRUE | evaluated 1 time by 1 test | FALSE | evaluated 11 times by 1 test |
| 1-11 |
357 | , name, &addrbuf) == 1TRUE | evaluated 1 time by 1 test | FALSE | evaluated 11 times by 1 test |
) { | 1-11 |
358 | if ( | - |
359 | __extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p (TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
360 | common_nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
361 | ) && __builtin_constant_p (TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
362 | nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
363 | ) && (__s1_len = __builtin_strlen (TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
364 | common_nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
365 | ), __s2_len = __builtin_strlen (TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
366 | nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
367 | ), (!((size_t)(const void *)((TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
368 | common_nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
369 | ) + 1) - (size_t)(const void *)(TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
370 | common_nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
371 | ) == 1) || __s1_len >= 4) && (!((size_t)(const void *)((TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
372 | nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
373 | ) + 1) - (size_t)(const void *)(TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
374 | nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
375 | ) == 1) || __s2_len >= 4)) ? __builtin_strcmp (TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
376 | common_nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
377 | , TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
378 | nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
379 | ) : (__builtin_constant_p (TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
380 | common_nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
381 | ) && ((size_t)(const void *)((TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
382 | common_nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
383 | ) + 1) - (size_t)(const void *)(TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
384 | common_nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
385 | ) == 1) && (__s1_len = __builtin_strlen (TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
386 | common_nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
387 | ), __s1_len < 4) ? (__builtin_constant_p (TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
388 | nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
389 | ) && ((size_t)(const void *)((TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
390 | nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
391 | ) + 1) - (size_t)(const void *)(TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
392 | nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
393 | ) == 1) ? __builtin_strcmp (TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
394 | common_nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
395 | , TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
396 | nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
397 | ) : (__extension__ ({ const unsigned char *__s2 = (const unsigned char *) (const char *) (TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
398 | nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
399 | ); int __result = (((const unsigned char *) (const char *) (TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
400 | common_nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
401 | ))[0] - __s2[0]); if (__s1_len > 0TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 0-2 |
402 | common_nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
403 | ))[1] - __s2[1]); if (__s1_len > 1TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 0-2 |
404 | common_nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
405 | ))[2] - __s2[2]); if (__s1_len > 2TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) __result = (((const unsigned char *) (const char *) (never executed: __result = (((const unsigned char *) (const char *) ( common_name ))[3] - __s2[3]); TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 0-2 |
406 | common_nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
never executed: __result = (((const unsigned char *) (const char *) ( common_name ))[3] - __s2[3]); | 0-2 |
407 | ))[3] - __s2[3]);TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
never executed: __result = (((const unsigned char *) (const char *) ( common_name ))[3] - __s2[3]); }never executed: end of block }never executed: end of block __result; }))) : (__builtin_constant_p (TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 0-2 |
408 | nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
409 | ) && ((size_t)(const void *)((TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
410 | nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
411 | ) + 1) - (size_t)(const void *)(TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
412 | nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
413 | ) == 1) && (__s2_len = __builtin_strlen (TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
414 | nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
415 | ), __s2_len < 4) ? (__builtin_constant_p (TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
416 | common_nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
417 | ) && ((size_t)(const void *)((TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
418 | common_nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
419 | ) + 1) - (size_t)(const void *)(TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
420 | common_nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
421 | ) == 1) ? __builtin_strcmp (TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
422 | common_nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
423 | , TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
424 | nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
425 | ) : -(__extension__ ({ const unsigned char *__s2 = (const unsigned char *) (const char *) (TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
426 | common_nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
427 | ); int __result = (((const unsigned char *) (const char *) (TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
428 | nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
429 | ))[0] - __s2[0]); if (__s2_len > 0TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 0-2 |
430 | nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
431 | ))[1] - __s2[1]); if (__s2_len > 1TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) { __result = (((const unsigned char *) (const char *) (TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 0-2 |
432 | nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
433 | ))[2] - __s2[2]); if (__s2_len > 2TRUE | never evaluated | FALSE | never evaluated |
&& __result == 0TRUE | never evaluated | FALSE | never evaluated |
) __result = (((const unsigned char *) (const char *) (never executed: __result = (((const unsigned char *) (const char *) ( name ))[3] - __s2[3]); TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 0-2 |
434 | nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
never executed: __result = (((const unsigned char *) (const char *) ( name ))[3] - __s2[3]); | 0-2 |
435 | ))[3] - __s2[3]);TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
never executed: __result = (((const unsigned char *) (const char *) ( name ))[3] - __s2[3]); }never executed: end of block }never executed: end of block __result; }))) : __builtin_strcmp (TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 0-2 |
436 | common_nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
437 | , TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
438 | nameTRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
439 | )))); }) TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
| 1-2 |
440 | == 0TRUE | evaluated 2 times by 1 test | FALSE | evaluated 1 time by 1 test |
) | 1-2 |
441 | *executed 2 times by 1 test: *cn_match = 1; cn_match = 1;executed 2 times by 1 test: *cn_match = 1; | 2 |
442 | gotoexecuted 3 times by 1 test: goto done; done;executed 3 times by 1 test: goto done; | 3 |
443 | } | - |
444 | | - |
445 | if (tls_match_name(common_name, name) == 0TRUE | evaluated 2 times by 1 test | FALSE | evaluated 9 times by 1 test |
) | 2-9 |
446 | *executed 2 times by 1 test: *cn_match = 1; cn_match = 1;executed 2 times by 1 test: *cn_match = 1; | 2 |
447 | | - |
448 | done:code before this statement executed 11 times by 1 test: done: | 11 |
449 | free(common_name); | - |
450 | returnexecuted 15 times by 1 test: return rv; rv;executed 15 times by 1 test: return rv; | 15 |
451 | } | - |
452 | | - |
/*
 * tls_check_name: check `name` against the names carried by `cert`.
 *
 * Clears *match, then calls tls_check_subject_altname(). The subject common
 * name is consulted through tls_check_common_name() only when that call
 * neither set *match nor set alt_exists. `ctx` is only passed through to the
 * two helpers.
 *
 * Returns -1 when tls_check_subject_altname() returns -1, 0 when the altname
 * stage settles the question, and otherwise whatever tls_check_common_name()
 * returns.
 *
 * A return of 0 is not a verdict. It is also returned when alt_exists is set
 * while *match is still 0, so callers have to test *match before accepting
 * the peer name.
 *
 * NOTE(review): alt_exists presumably reports that the certificate carried a
 * subjectAltName entry of a type the helper checks; confirm in the callee.
 * NOTE(review): alt_exists has no initializer here, so this relies on
 * tls_check_subject_altname() storing to it on every non-error return;
 * confirm in the callee.
 */
453 | int | - |
454 | tls_check_name(struct tls *ctx, X509 *cert, const char *name, int *match) | - |
455 | { | - |
456 | int alt_exists; | - |
457 | | - |
458 | *match = 0; | - |
459 | | - |
460 | if (tls_check_subject_altname(ctx, cert, name, match,TRUE | evaluated 2 times by 1 test | FALSE | evaluated 26 times by 1 test |
| 2-26 |
461 | &alt_exists) == -1TRUE | evaluated 2 times by 1 test | FALSE | evaluated 26 times by 1 test |
) | 2-26 |
462 | returnexecuted 2 times by 1 test: return -1; -1;executed 2 times by 1 test: return -1; | 2 |
463 | | - |
464 | /* The altname result is final: once alt_exists is set the CN is never */ | - |
465 | /* consulted, even if no altname matched (RFC 6125 section 6.4.4). */ | - |
466 | /* Falling back to the CN here would accept a certificate for a name */ | - |
467 | /* that its alternate names do not cover. */ | - |
468 | if (*TRUE | evaluated 7 times by 1 test | FALSE | evaluated 19 times by 1 test |
matchTRUE | evaluated 7 times by 1 test | FALSE | evaluated 19 times by 1 test |
|| alt_existsTRUE | evaluated 4 times by 1 test | FALSE | evaluated 15 times by 1 test |
) | 4-19 |
469 | returnexecuted 11 times by 1 test: return 0; 0;executed 11 times by 1 test: return 0; | 11 |
470 | | - |
471 | returnexecuted 15 times by 1 test: return tls_check_common_name(ctx, cert, name, match); tls_check_common_name(ctx, cert, name, match);executed 15 times by 1 test: return tls_check_common_name(ctx, cert, name, match); | 15 |
472 | } | - |
| | |