Empty SNI names are not valid

author Viktor Dukhovni <openssl-users@dukhovni.org>

Sat, 16 Jan 2016 17:57:24 +0000 (12:57 -0500)

committer Viktor Dukhovni <openssl-users@dukhovni.org>

Sun, 17 Jan 2016 02:14:02 +0000 (21:14 -0500)
author Viktor Dukhovni <openssl-users@dukhovni.org>
Sat, 16 Jan 2016 17:57:24 +0000 (12:57 -0500)
committer Viktor Dukhovni <openssl-users@dukhovni.org>
Sun, 17 Jan 2016 02:14:02 +0000 (21:14 -0500)
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c

index f716d77c812b76823fa61bd3b896640368209b68..d3d8221b661ab6fa4ce6c914f70d2432c93f0bc5 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3221,6 +3221,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
  #ifndef OPENSSL_NO_TLSEXT
      case SSL_CTRL_SET_TLSEXT_HOSTNAME:
          if (larg == TLSEXT_NAMETYPE_host_name) {
+            size_t len;
+
              if (s->tlsext_hostname != NULL)
                  OPENSSL_free(s->tlsext_hostname);
              s->tlsext_hostname = NULL;
@@ -3228,7 +3230,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
              ret = 1;
              if (parg == NULL)
                  break;
-            if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
+            len = strlen((char *)parg);
+            if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
                  SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
                  return 0;
              }
author	Viktor Dukhovni <openssl-users@dukhovni.org>
	Sat, 16 Jan 2016 17:57:24 +0000 (12:57 -0500)
committer	Viktor Dukhovni <openssl-users@dukhovni.org>
	Sun, 17 Jan 2016 02:14:02 +0000 (21:14 -0500)