Fix check_wildcard() calling convention

We shouldn't return a surprising value in case there is no wildcard and then rely on the caller to ensure that this doesn't happen
Mbed-TLS · Oct 18, 2017 · 900fba6 · 900fba6
1 parent 08eacec
commit 900fba6
Showing 1 changed file with 3 additions and 4 deletions.
diff --git a/library/x509_crt.c b/library/x509_crt.c
@@ -1770,8 +1770,9 @@ static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name )
     size_t i;
     size_t cn_idx = 0, cn_len = strlen( cn );
 
+    /* We can't have a match if there is no wildcard to match */
     if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' )
-        return( 0 );
+        return( -1 );
 
     for( i = 0; i < cn_len; ++i )
     {
@@ -2194,9 +2195,7 @@ static int x509_crt_check_cn( const mbedtls_x509_buf *name,
     }
 
     /* try wildcard match */
-    if( name->len > 2 &&
-        memcmp( name->p, "*.", 2 ) == 0 &&
-        x509_check_wildcard( cn, name ) == 0 )
+    if( x509_check_wildcard( cn, name ) == 0 )
     {
         return( 0 );
     }