[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Sun Jan 17 22:10:41 UTC 2016

The branch OpenSSL_1_0_2-stable has been updated
       via  4d6fe78f65be650c84e14777c90e7a088f7a44ce (commit)
      from  15debc128ac13420a4eec9b4a66d72f1dfd69126 (commit)


- Log -----------------------------------------------------------------
commit 4d6fe78f65be650c84e14777c90e7a088f7a44ce
Author: Viktor Dukhovni <openssl-users at dukhovni.org>
Date:   Sat Jan 16 12:57:24 2016 -0500

    Empty SNI names are not valid
    
    While empty inputs to SSL_set1_host() clear the reference identifier
    list.
    
    (cherry-picked from 1.1.0-dev)
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/x509/x509_vpm.c | 4 ++--
 ssl/s3_lib.c           | 5 ++++-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 592a8a5..1ac15a8 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -94,11 +94,11 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
      * Refuse names with embedded NUL bytes, except perhaps as final byte.
      * XXX: Do we need to push an error onto the error stack?
      */
-    if (namelen == 0)
+    if (namelen == 0 || name == NULL)
         namelen = name ? strlen(name) : 0;
     else if (name && memchr(name, '\0', namelen > 1 ? namelen - 1 : namelen))
         return 0;
-    if (name && name[namelen - 1] == '\0')
+    if (namelen > 0 && name[namelen - 1] == '\0')
         --namelen;
 
     if (mode == SET_HOST && id->hosts) {
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 64793d6..5970e61 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3263,6 +3263,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 #ifndef OPENSSL_NO_TLSEXT
     case SSL_CTRL_SET_TLSEXT_HOSTNAME:
         if (larg == TLSEXT_NAMETYPE_host_name) {
+            size_t len;
+
             if (s->tlsext_hostname != NULL)
                 OPENSSL_free(s->tlsext_hostname);
             s->tlsext_hostname = NULL;
@@ -3270,7 +3272,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
             ret = 1;
             if (parg == NULL)
                 break;
-            if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
+            len = strlen((char *)parg);
+            if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
                 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
                 return 0;
             }
