From f18a41c84bb573607eaab9fec0c070cd159493f0 Mon Sep 17 00:00:00 2001
From: Valentin Bartenev
Date: Wed, 24 Mar 2021 16:38:05 +0300
Subject: Certficates: fixed counting DNS SAN entries.
Previously, entries of any type were counted during object allocation but only DNS type entries were actually processed. As a result, if some certificate entries had another type, returning information about the certificate caused uninitialized memory access.
---
 src/nxt_cert.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
(limited to 'src')
diff --git a/src/nxt_cert.c b/src/nxt_cert.c
index 357a9211..0b986b0d 100644
--- a/src/nxt_cert.c
+++ b/src/nxt_cert.c
@@ -722,13 +722,16 @@ nxt_cert_name_details(nxt_mp_t *mp, X509 *x509, nxt_bool_t issuer)
 if (alt_names != NULL) {
 count = sk_GENERAL_NAME_num(alt_names);
+ n = 0;
- for (n = 0; n != count; n++) {
- name = sk_GENERAL_NAME_value(alt_names, n);
+ for (i = 0; i != count; i++) {
+ name = sk_GENERAL_NAME_value(alt_names, i);
 if (name->type != GEN_DNS) {
 continue;
 }
+
+ n++;
 }
 names = nxt_conf_create_array(mp, n);
-- cgit
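Review bot: The allocation size `n` is correct only while this counting loop and the later fill loop (outside the hunk) apply the same `name->type != GEN_DNS` filter, and nothing in the new code records that coupling. If the two filters ever diverge, the array is either left with uninitialized slots again or written past its allocated count. I would add a comment above `n = 0;`, for example `/* Count GEN_DNS entries only; the fill loop below must use the same filter. */`. The declaration of `i` is not part of the hunk, so it is presumably an existing local; it is worth confirming that its type matches `count` for the `i != count` comparison. nxt_cert_name_details begins and ends outside the hunk.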