authorThiago Macieira <thiago.macieira@nokia.com>2009-08-24 11:33:34 +0200
committerThiago Macieira <thiago.macieira@nokia.com>2009-08-28 11:07:37 +0200
commit802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6 (patch)
treee69c095056836dccbbf8138934614da542a8a003 /tests/auto/qsslcertificate/tst_qsslcertificate.cpp
parenta3ddaf7eeead265d4a22bf9ae6508509d175cfd2 (diff)
Fix parsing of Subject Alternate Names in Qt.
Simple misuse of QLatin1String. Use QString::fromLatin1 instead and avoid the QByteArray temporary. Reviewed-by: Andreas Aardal Hanssen Tracking: CVE-2009-2700
Diffstat (limited to 'tests/auto/qsslcertificate/tst_qsslcertificate.cpp')
-rw-r--r--tests/auto/qsslcertificate/tst_qsslcertificate.cpp21
1 files changed, 21 insertions, 0 deletions
diff --git a/tests/auto/qsslcertificate/tst_qsslcertificate.cpp b/tests/auto/qsslcertificate/tst_qsslcertificate.cpp
index 73d7afda04..37ee27769d 100644
--- a/tests/auto/qsslcertificate/tst_qsslcertificate.cpp
+++ b/tests/auto/qsslcertificate/tst_qsslcertificate.cpp
@@ -101,6 +101,7 @@ private slots:
void certInfo();
void task256066toPem();
void nulInCN();
+ void nulInSan();
// ### add tests for certificate bundles (multiple certificates concatenated into a single
// structure); both PEM and DER formatted
#endif
@@ -744,6 +745,26 @@ void tst_QSslCertificate::nulInCN()
QCOMPARE(cn, QString::fromLatin1(realCN, sizeof realCN - 1));
}
+void tst_QSslCertificate::nulInSan()
+{
+ QList<QSslCertificate> certList =
+ QSslCertificate::fromPath(SRCDIR "more-certificates/badguy-nul-san.crt");
+ QCOMPARE(certList.size(), 1);
+
+ const QSslCertificate &cert = certList.at(0);
+ QVERIFY(!cert.isNull());
+
+ QMultiMap<QSsl::AlternateNameEntryType, QString> san = cert.alternateSubjectNames();
+ QVERIFY(!san.isEmpty());
+
+ QString dnssan = san.value(QSsl::DnsEntry);
+ QVERIFY(!dnssan.isEmpty());
+ QVERIFY(dnssan != "www.bank.com");
+
+ static const char realSAN[] = "www.bank.com\0.badguy.com";
+ QCOMPARE(dnssan, QString::fromLatin1(realSAN, sizeof realSAN - 1));
+}
+
#endif // QT_NO_OPENSSL
QTEST_MAIN(tst_QSslCertificate)
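Review bot: nulInSan() inspects only one DNS entry, because `san.value(QSsl::DnsEntry)` on a QMultiMap returns a single value even when several are stored under that key, so a truncated entry elsewhere in the list would go unchecked. Pinning the count first with `QCOMPARE(san.values(QSsl::DnsEntry).size(), 1);`, or looping over `san.values(QSsl::DnsEntry)` and asserting that none equals `"www.bank.com"`, would make the check cover every entry. A short comment above the `QVERIFY(dnssan != "www.bank.com")` line would also help the next reader, for example `// a parser that stops at the embedded NUL would report the SAN as www.bank.com`. The contents of badguy-nul-san.crt are not visible here, so the single-entry assumption is inferred rather than confirmed.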