[openssl-commits] [openssl] OpenSSL_1_0_1-stable update
Viktor Dukhovni
viktor at openssl.org
Sun Jan 17 02:14:35 UTC 2016
The branch OpenSSL_1_0_1-stable has been updated
via e9a6c72e3c548be9d188292d1cd0ae56d7854d71 (commit)
from 00cebd11317344989aeb9025202c2536b1490856 (commit)
- Log -----------------------------------------------------------------
commit e9a6c72e3c548be9d188292d1cd0ae56d7854d71
Author: Viktor Dukhovni <openssl-users at dukhovni.org>
Date: Sat Jan 16 12:57:24 2016 -0500
Empty SNI names are not valid
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/s3_lib.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index f716d77..d3d8221 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3221,6 +3221,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
#ifndef OPENSSL_NO_TLSEXT
case SSL_CTRL_SET_TLSEXT_HOSTNAME:
if (larg == TLSEXT_NAMETYPE_host_name) {
+ size_t len;
+
if (s->tlsext_hostname != NULL)
OPENSSL_free(s->tlsext_hostname);
s->tlsext_hostname = NULL;
@@ -3228,7 +3230,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
ret = 1;
if (parg == NULL)
break;
- if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
+ len = strlen((char *)parg);
+ if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
return 0;
}
More information about the openssl-commits
mailing list