From 76c52c31fbfd78ea2a47ab1a6b4f9bb07fe35c05 Mon Sep 17 00:00:00 2001
From: Kareem <kareem@wolfssl.com>
Date: Mon, 16 Mar 2026 16:21:47 -0700
Subject: [PATCH] Disallow wildcard partial domains when using MatchDomainName.

---
 src/internal.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/internal.c b/src/internal.c
index 7897a294bfa..a1ea65a9394 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -13199,6 +13199,11 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str,
 
             /* Only single wildcard allowed with strict left only */
             if (leftWildcardOnly) {
+                /* For the left wildcard only case, disallow wildcards with
+                 * the pattern *domain.com and only allow *.domain.com. */
+                if (patternLen > 0 && *pattern != '.')
+                    return 0;
+
                 wildcardEligible = 0;
             }