From 67d4f3c8f39f22a61ab9097163081d1a31e8d5a9 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Wed, 4 Jun 2008 08:21:08 +0200
Subject: bugfix: off-by-one bug during certificate check

---
 ChangeLog     | 1 +
 runtime/net.c | 6 ++++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index ef7daee0..c2d6312a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,7 @@
 Version 3.19.6 (rgerhards), 2008-06-??
 - bugfix: part of permittedPeer structure was not correctly initialized
   thanks to varmojfekoj for spotting this
+- bugfix: off-by-one bug during certificate check
 ---------------------------------------------------------------------------
 Version 3.19.5 (rgerhards), 2008-05-30
 - enabled Posix ERE expressions inside the property replacer
diff --git a/runtime/net.c b/runtime/net.c
index 89e0838b..c3252269 100644
--- a/runtime/net.c
+++ b/runtime/net.c
@@ -287,8 +287,8 @@ PermittedPeerWildcardCompile(permittedPeers_t *pPeer)
 	 * of the text (it is supported at the start or end only).
 	 */
 	pPeer->etryType = PERM_PEER_TYPE_WILDCARD;
-
-	for(pC = pPeer->pszID ; *pC != '\0' ; ++pC) {
+	pC = pPeer->pszID;
+	while(*pC != '\0') {
 		pStart = pC;
 		/* find end of domain component */
 		for( ; *pC != '\0' && *pC != '.' ; ++pC)
@@ -299,6 +299,8 @@ PermittedPeerWildcardCompile(permittedPeers_t *pPeer)
 			/* pStart is a dummy, it is not used if length is 0 */
 			CHKiRet(AddPermittedPeerWildcard(pPeer, pStart, 0)); 
 		}
+		if(*pC != '\0')
+			++pC;
 	}
 
 finalize_it:
-- 
cgit v1.2.3