diff options
| author | Theo Buehler <tb@cvs.openbsd.org> | 2022-01-24 13:49:51 +0000 |
|---|---|---|
| committer | Theo Buehler <tb@cvs.openbsd.org> | 2022-01-24 13:49:51 +0000 |
| commit | ff5be747155d5169269906be49ced628d25a6a3c (patch) | |
| tree | a44c5af38375a5c83beb194e3ad882f0e01aea5e | |
| parent | 8214fd55c7086be768458ec2e27ab6ec91662528 (diff) | |
Avoid use of uninitialized in tlsext_sni_server_parse()
If the hostname is too long, tlsext_sni_is_valid_hostname() will fail
without having initialized *is_ip. As a result, the garbage value could
lead to accepting (but otherwise ignoring) overlong and possibly invalid
hostnames without erroring in tlsext_sni_server_parse().
ok inoguchi jsing
| -rw-r--r-- | lib/libssl/ssl_tlsext.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c index 69f8ddbc40a..8070296d9f6 100644 --- a/lib/libssl/ssl_tlsext.c +++ b/lib/libssl/ssl_tlsext.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.c,v 1.108 2022/01/11 18:28:41 jsing Exp $ */ +/* $OpenBSD: ssl_tlsext.c,v 1.109 2022/01/24 13:49:50 tb Exp $ */ /* * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> @@ -714,6 +714,8 @@ tlsext_sni_is_valid_hostname(CBS *cbs, int *is_ip) int component = 0; CBS hostname; + *is_ip = 0; + CBS_dup(cbs, &hostname); if (CBS_len(&hostname) > TLSEXT_MAXLEN_host_name) |