summaryrefslogtreecommitdiffstats
path: root/tests/auto
diff options
context:
space:
mode:
authorPeter Hartmann <peter.hartmann@nokia.com>2010-08-10 11:59:57 (GMT)
committerPeter Hartmann <peter.hartmann@nokia.com>2010-08-10 12:13:35 (GMT)
commit846f1b44eea4bb34d080d055badb40a4a13d369e (patch)
tree4fc58a9d2f96bb9b595ac3db309134d330d74646 /tests/auto
parent09884750f89a24b6f480b4519b3a2a1b4c2f028d (diff)
downloadQt-846f1b44eea4bb34d080d055badb40a4a13d369e.zip
Qt-846f1b44eea4bb34d080d055badb40a4a13d369e.tar.gz
Qt-846f1b44eea4bb34d080d055badb40a4a13d369e.tar.bz2
QSslSocket: fix security vulnerability with wildcard IP addresses
This fixes Westpoint Security issue with Advisory ID#: wp-10-0001. Before, we would allow wildcards in IP addresses like *.2.3.4 ; now, IP addresses must match excatly. Patch-by: Richard J. Moore <rich@kde.org> Task-number: QT-3704
Diffstat (limited to 'tests/auto')
-rw-r--r--tests/auto/qsslsocket/tst_qsslsocket.cpp2
1 files changed, 2 insertions, 0 deletions
diff --git a/tests/auto/qsslsocket/tst_qsslsocket.cpp b/tests/auto/qsslsocket/tst_qsslsocket.cpp
index 0c12974..6c1dd8f 100644
--- a/tests/auto/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/qsslsocket/tst_qsslsocket.cpp
@@ -1072,6 +1072,7 @@ void tst_QSslSocket::wildcardCertificateNames()
QCOMPARE( QSslSocketBackendPrivate::isMatchingHostname(QString("*.example.com"), QString("www.example.com")), true );
QCOMPARE( QSslSocketBackendPrivate::isMatchingHostname(QString("xxx*.example.com"), QString("xxxwww.example.com")), true );
QCOMPARE( QSslSocketBackendPrivate::isMatchingHostname(QString("f*.example.com"), QString("foo.example.com")), true );
+ QCOMPARE( QSslSocketBackendPrivate::isMatchingHostname(QString("192.168.0.0"), QString("192.168.0.0")), true );
// Failing CN matches
QCOMPARE( QSslSocketBackendPrivate::isMatchingHostname(QString("xxx.example.com"), QString("www.example.com")), false );
@@ -1085,6 +1086,7 @@ void tst_QSslSocket::wildcardCertificateNames()
QCOMPARE( QSslSocketBackendPrivate::isMatchingHostname(QString("*.example."), QString("www.example")), false );
QCOMPARE( QSslSocketBackendPrivate::isMatchingHostname(QString(""), QString("www")), false );
QCOMPARE( QSslSocketBackendPrivate::isMatchingHostname(QString("*"), QString("www")), false );
+ QCOMPARE( QSslSocketBackendPrivate::isMatchingHostname(QString("*.168.0.0"), QString("192.168.0.0")), false );
}
void tst_QSslSocket::wildcard()