From ceb4da6626ce94d75b2aefd0f24c6d0fd74f45f9 Mon Sep 17 00:00:00 2001
From: Roland Shoemaker
Date: Mon, 23 Mar 2026 10:22:34 -0700
Subject: [release-branch.go1.26] crypto/x509: fix wildcard constraint map case sensitivity

When applying excluded constraints to wildcard DNS SANs, the constraint checking implementation did not normalize the case of the constraint nor the SAN, which could lead to incorrect constraint checking results.

This change lowercases both the constraint and the SAN before checking for matches, ensuring that constraint checking is case-insensitive as intended.

Thanks to Riyas from Saintgits College of Engineering for reporting this issue.

Fixes #78332
Fixes CVE-2026-33810

Change-Id: Id27792c8ed4c40f2810bad8dbd8d5d520cb465bb
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3860
Reviewed-by: Neal Patel
Reviewed-by: Damien Neil
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3984
Commit-Queue: Damien Neil
Reviewed-by: Nicholas Husin
Reviewed-on: https://go-review.googlesource.com/c/go/+/763544
Auto-Submit: Gopher Robot
Reviewed-by: David Chase
Reviewed-by: Junyang Shao
TryBot-Bypass: Gopher Robot
---
 src/crypto/x509/constraints.go           |  2 ++
 src/crypto/x509/name_constraints_test.go | 22 ++++++++++++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/src/crypto/x509/constraints.go b/src/crypto/x509/constraints.go
index 83bfbcb2ef..b7eb1e0f57 100644
--- a/src/crypto/x509/constraints.go
+++ b/src/crypto/x509/constraints.go
@@ -351,6 +351,7 @@ func newDNSConstraints(l []string, permitted bool) interface{ query(string) (str
 	if !permitted {
 		parentConstraints := map[string]string{}
 		for _, name := range nc.constraints.set {
+			name = strings.ToLower(name)
 			trimmedName := trimFirstLabel(name)
 			if trimmedName == "" {
 				continue
 			}
@@ -376,6 +377,7 @@ func (dnc *dnsConstraints) query(s string) (string, bool) {
 	}
 	if !dnc.permitted && len(s) > 0 && s[0] == '*' {
+		s = strings.ToLower(s)
 		trimmed := trimFirstLabel(s)
 		if constraint, found := dnc.parentConstraints[trimmed]; found {
 			return constraint, true
diff --git a/src/crypto/x509/name_constraints_test.go b/src/crypto/x509/name_constraints_test.go
index 3e205e5caf..97a2420a7f 100644
--- a/src/crypto/x509/name_constraints_test.go
+++ b/src/crypto/x509/name_constraints_test.go
@@ -1656,6 +1656,28 @@ var nameConstraintsTests = []nameConstraintsTest{
 			sans: []string{"dns:"},
 		},
 	},
+	{
+		name: "subdomain exclusion blocks uppercase wildcard",
+		roots: []constraintsSpec{{
+			bad: []string{"dns:sub.example.com"},
+		}},
+		intermediates: [][]constraintsSpec{{{}}},
+		leaf: leafSpec{
+			sans: []string{"dns:*.EXAMPLE.COM"},
+		},
+		expectedError: "\"*.EXAMPLE.COM\" is excluded by constraint \"sub.example.com\"",
+	},
+	{
+		name: "uppercase subdomain exclusion blocks lowercase wildcard",
+		roots: []constraintsSpec{{
+			bad: []string{"dns:SUB.EXAMPLE.COM"},
+		}},
+		intermediates: [][]constraintsSpec{{{}}},
+		leaf: leafSpec{
+			sans: []string{"dns:*.example.com"},
+		},
+		expectedError: "\"*.example.com\" is excluded by constraint \"sub.example.com\"",
+	},
 }
 
 func makeConstraintsCACert(constraints constraintsSpec, name string, key *ecdsa.PrivateKey, parent *Certificate, parentKey *ecdsa.PrivateKey) (*Certificate, error) {
-- 
cgit v1.3
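Review bot: `name = strings.ToLower(name)` folds with the full Unicode case mapping, so a name carrying bytes a dNSName (IA5String) should never contain — U+212A KELVIN SIGN lowers to ASCII `k`, for example — collapses onto an ASCII constraint key; for an exclusion that is fail-closed, but it only behaves consistently if the exact-match set built by `newSetConstraint` (outside the hunk) folds the same way, which this hunk does not show. The assignment rebinds only the loop copy, so `nc.constraints.set` keeps the original-case entries while the line that stores into `parentConstraints` (after `continue }`, outside the hunk) now records the folded name — which is why the new test expects the verifier to report `sub.example.com` for a certificate that literally carried `SUB.EXAMPLE.COM`. If the diagnostic should echo the certificate bytes, key on the folded label but keep the original as the value, `lower := strings.ToLower(name)` / `trimmedName := trimFirstLabel(lower)` / `parentConstraints[trimmedName] = name`; either way the added line deserves a why-comment, `// DNS names are case-insensitive: fold so *.EXAMPLE.COM meets sub.example.com on one key`. newDNSConstraints starts before and ends after the hunk.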
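Review bot: `s = strings.ToLower(s)` runs only inside the wildcard branch, after whatever the block closed by the hunk's leading `}` did with `s` — presumably the exact-match lookup against the constraint set, which sits before the hunk — so a mixed-case non-wildcard SAN such as `SUB.EXAMPLE.COM` is handled case-insensitively only if that earlier lookup folds on its own, and nothing in this hunk guarantees it. Folding once at the top of query, ahead of the first lookup, gives both paths a single normalization and removes the per-branch copy: `s = strings.ToLower(s)` as the function's first statement. The `constraint` returned from `dnc.parentConstraints[trimmed]` is the lowercased form built in newDNSConstraints, not the certificate's bytes; a comment above the lookup, `// parentConstraints is keyed and valued on lowercased names`, would make that contract visible to whoever formats the error. query's body begins before and ends after the hunk.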
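Review bot: Both new cases vary the case of only one side and exercise only the wildcard path, so a regression that folds in the parentConstraints branch but not in the exact-match lookup would still pass; add a non-wildcard companion, `sans: []string{"dns:SUB.EXAMPLE.COM"}` against `bad: []string{"dns:sub.example.com"}` expecting an exclusion error, and a case with mixed case on both sides, `bad: []string{"dns:Sub.example.com"}` against `sans: []string{"dns:*.Example.COM"}` expecting `"*.Example.COM" is excluded by constraint "sub.example.com"`. The second expectedError pins the folded constraint text `sub.example.com` for a certificate that carried `SUB.EXAMPLE.COM`; a one-line comment on that case, `// the reported constraint is the lowercased form, not the certificate's bytes`, stops a later reader from treating the mismatch as a typo. The nameConstraintsTests slice begins before the hunk and its closing `}` and makeConstraintsCACert's signature are trailing context.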