diff options
| author | Theo Buehler <tb@cvs.openbsd.org> | 2021-11-02 13:59:30 +0000 |
|---|---|---|
| committer | Theo Buehler <tb@cvs.openbsd.org> | 2021-11-02 13:59:30 +0000 |
| commit | 142f9de6f2a377d8b327148f71baf70464baccda (patch) | |
| tree | 51610d033ad768110963ea54e3a4e33c8d154091 | |
| parent | 3ff7a54d0e55535cade838c7d16adef5600f090e (diff) | |
Do not take the strlen() of a NULL name. Defer the CBS_init() to later.
Found the hard way by sthen.
ok sthen
| -rw-r--r-- | lib/libssl/s3_lib.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index c4d68f654e3..497dea6f083 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.218 2021/11/01 16:45:56 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.219 2021/11/02 13:59:29 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1789,14 +1789,14 @@ _SSL_set_tlsext_host_name(SSL *s, const char *name) int is_ip; CBS cbs; - CBS_init(&cbs, name, strlen(name)); - free(s->tlsext_hostname); s->tlsext_hostname = NULL; if (name == NULL) return 1; + CBS_init(&cbs, name, strlen(name)); + if (!tlsext_sni_is_valid_hostname(&cbs, &is_ip)) { SSLerror(s, SSL_R_SSL3_EXT_INVALID_SERVERNAME); return 0; |