diff options
author | Theo Buehler <tb@cvs.openbsd.org> | 2020-05-24 15:13:23 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2020-05-24 15:13:23 +0000 |
commit | 8028ef169eb5c90707882110920b90b301c7a0d4 (patch) | |
tree | 131e5ebcbcff9a603f8801df355b606ca1bb1e04 /lib/libssl | |
parent | 7b6dbbd7ff370a2466fbe950c496721aeac3fff3 (diff) |
Fix some stylistic nits from jsing.
ok jsing
Diffstat (limited to 'lib/libssl')
-rw-r--r-- | lib/libssl/ssl_tlsext.c | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c index 2184e65a2c0..e6e0e7a92d6 100644 --- a/lib/libssl/ssl_tlsext.c +++ b/lib/libssl/ssl_tlsext.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.c,v 1.72 2020/05/23 17:13:24 beck Exp $ */ +/* $OpenBSD: ssl_tlsext.c,v 1.73 2020/05/24 15:13:22 tb Exp $ */ /* * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> @@ -17,9 +17,10 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include <openssl/ocsp.h> #include <ctype.h> +#include <openssl/ocsp.h> + #include "ssl_locl.h" #include "bytestring.h" @@ -674,8 +675,8 @@ tlsext_sni_client_build(SSL *s, CBB *cbb) } /* - * Does the CBS contain only of a hostname consisting of RFC 5890 - * compliant A-labels? (see RFC 6066 section 3). Not a complete check + * Validate that the CBS contains only a hostname consisting of RFC 5890 + * compliant A-labels (see RFC 6066 section 3). Not a complete check * since we don't parse punycode to verify its validity but limits to * correct structure and character set. */ @@ -686,10 +687,11 @@ tlsext_sni_is_valid_hostname(CBS *cbs) int component = 0; CBS hostname; - if (CBS_len(cbs) > TLSEXT_MAXLEN_host_name) + CBS_dup(cbs, &hostname); + + if (CBS_len(&hostname) > TLSEXT_MAXLEN_host_name) return 0; - CBS_dup(cbs, &hostname); while(CBS_len(&hostname) > 0) { prev = c; if (!CBS_get_u8(&hostname, &c)) @@ -698,7 +700,7 @@ tlsext_sni_is_valid_hostname(CBS *cbs) if (!isascii(c) || c == '\0') return 0; /* It must be alphanumeric, a '-', or a '.' */ - if (!(isalnum(c) || c == '-' || c == '.')) + if (!isalnum(c) && c != '-' && c != '.') return 0; /* '-' and '.' must not start a component or be at the end. */ if (component == 0 || CBS_len(&hostname) == 0) { @@ -717,6 +719,7 @@ tlsext_sni_is_valid_hostname(CBS *cbs) if (++component > 63) return 0; } + return 1; } @@ -748,7 +751,7 @@ tlsext_sni_server_parse(SSL *s, CBS *cbs, int *alert) * RFC 6066 section 3 specifies a host name must be at least 1 byte * so 0 length is a decode error. */ - if (CBS_len(&host_name) == 0) + if (CBS_len(&host_name) < 1) goto err; if (!tlsext_sni_is_valid_hostname(&host_name)) { |