Merge pull request #2293 from pi-hole/fix/san_wildcard

Fix off-by-one in wildcard SAN checking
pi-hole · Feb 27, 2025 · 0d8251b · 0d8251b
2 parents 3158465 + 0bd03ce
commit 0d8251b
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/webserver/x509.c b/src/webserver/x509.c
@@ -366,7 +366,7 @@ static bool check_wildcard_domain(const char *domain, char *san, const size_t sa
 	// Attention: The SAN is not NUL-terminated, so we need to
 	//            use the length field
 	const char *wild_domain = domain + domain_len - san_len + 1;
-	return strncasecmp(wild_domain, san + 1, san_len) == 0;
+	return strncasecmp(wild_domain, san + 1, san_len - 1) == 0;
 }
 
 // This function reads a X.509 certificate from a file and prints a