[balsa] Check the certificate more carefully.

[Pawel Salek <pawels src gnome org>]

commit eefb4b9c0cb2b15a91d5faa3ce2516c64bb39459
Author: Pawel Salek <pawsa damage localdomain>
Date:   Sun Jan 17 22:38:18 2010 +0100

    Check the certificate more carefully.

 ChangeLog                |    5 +++++
 libbalsa/imap/imap-tls.c |   10 ++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index 6df9d06..a4344a9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2010-01-17  Pawel Salek
+
+	* libbalsa/imap/imap-tls.c: check also the length when matching
+	the host name vs the one in the certificate.
+
 2010-01-17  Peter Bloomfield
 
 	* src/main-window.c: close the new-mail notification instead of
diff --git a/libbalsa/imap/imap-tls.c b/libbalsa/imap/imap-tls.c
index 7e8e87f..ce5be11 100644
--- a/libbalsa/imap/imap-tls.c
+++ b/libbalsa/imap/imap-tls.c
@@ -302,10 +302,16 @@ imap_check_server_identity(SSL *ssl, const char *host,
   }
   if(!ok) { /* matching by subjectAltName failed, try commonName */
     char data[256];
+    size_t name_len;
     if( (subj = X509_get_subject_name(cert)) &&
-        X509_NAME_get_text_by_NID(subj, NID_commonName, data, sizeof(data))>0){
+        (name_len = 
+         X509_NAME_get_text_by_NID(subj, NID_commonName, data, sizeof(data)))){
       data[sizeof(data)-1] = 0;
-      if(host_matches_domain(host, data, host_len))
+
+      /* Remember to check whether there was no truncation or NUL
+         characters embedded in the text. */
+      if(name_len == strlen(data) &&
+         host_matches_domain(host, data, host_len))
         ok =1;
     }
   }