Fix off-by-one in wildcard SAN checking

Signed-off-by: DL6ER <[email protected]>
pi-hole · Feb 26, 2025 · 0bd03ce · 0bd03ce
1 parent a0e4cc9
commit 0bd03ce
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/webserver/x509.c b/src/webserver/x509.c
@@ -366,7 +366,7 @@ static bool check_wildcard_domain(const char *domain, char *san, const size_t sa
 	// Attention: The SAN is not NUL-terminated, so we need to
 	//            use the length field
 	const char *wild_domain = domain + domain_len - san_len + 1;
-	return strncasecmp(wild_domain, san + 1, san_len) == 0;
+	return strncasecmp(wild_domain, san + 1, san_len - 1) == 0;
 }
 
 // This function reads a X.509 certificate from a file and prints a