author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-12 10:58:58 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-12 10:59:01 +0200 |
commit | 27ccb70576f9ec4253414b49a16e192286ca9123 (patch) | |
tree | 0868f8590de55e05848b47948ae63c57762cea34 | |
parent | f1765c937c023de96d99f7ae143fb2d3058b8fb0 (diff) | |
download | gnutls-27ccb70576f9ec4253414b49a16e192286ca9123.tar.gz |
server_name: only save the supported server names in the session
Invalid server names with embedded nulls and unsupported types
are not saved.
-rw-r--r-- | lib/ext/server_name.c | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/lib/ext/server_name.c b/lib/ext/server_name.c index 25f714b85f..237eb019bd 100644 --- a/lib/ext/server_name.c +++ b/lib/ext/server_name.c @@ -68,7 +68,7 @@ static int _gnutls_server_name_recv_params(gnutls_session_t session, const uint8_t * data, size_t _data_size) { - int i; + int i, j; const unsigned char *p; uint16_t len, type; ssize_t data_size = _data_size; @@ -128,10 +128,8 @@ _gnutls_server_name_recv_params(gnutls_session_t session, return GNUTLS_E_MEMORY_ERROR; } - priv->server_names_size = server_names; - p = data + 2; - for (i = 0; i < server_names; i++) { + for (j = i = 0; i < server_names; i++) { type = *p; p++; @@ -141,13 +139,17 @@ _gnutls_server_name_recv_params(gnutls_session_t session, switch (type) { case 0: /* NAME_DNS */ if (len < MAX_SERVER_NAME_SIZE) { - memcpy(priv->server_names[i].name, + memcpy(priv->server_names[j].name, p, len); - priv->server_names[i].name[len] = 0; - priv->server_names[i].name_length = - len; - priv->server_names[i].type = - GNUTLS_NAME_DNS; + priv->server_names[j].name[len] = 0; + priv->server_names[j].name_length = + strlen((char*)priv->server_names[j].name); + if (priv->server_names[j].name_length == len) { + /* valid ascii with no embedded NULL */ + priv->server_names[j].type = + GNUTLS_NAME_DNS; + j++; + } break; } } @@ -156,6 +158,8 @@ _gnutls_server_name_recv_params(gnutls_session_t session, p += len; } + priv->server_names_size = j; + epriv = priv; _gnutls_ext_set_session_data(session, GNUTLS_EXTENSION_SERVER_NAME, @@ -185,7 +189,6 @@ _gnutls_server_name_send_params(gnutls_session_t session, if (ret < 0) return 0; - /* this function sends the client extension data (dnsname) */ if (session->security_parameters.entity == GNUTLS_CLIENT) { |
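Review bot: The comment `/* valid ascii with no embedded NULL */` in the `case 0` branch promises more than the check delivers. Comparing `strlen()` with `len` only proves the name has no embedded NUL byte, so control characters and high-bit bytes are still stored as a `GNUTLS_NAME_DNS` entry. Either reword it to `/* no embedded NUL byte; characters are not otherwise validated */` or add a character-set check before `j++`, since applications presumably use this name for virtual-host selection and logging. The candidate is also copied into `priv->server_names[j]` before it is validated, so a rejected name's bytes stay in that slot; testing `memchr(p, 0, len) == NULL` ahead of the `memcpy` would avoid that. The enclosing function starts and ends outside this hunk.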
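Review bot: `priv->server_names_size = j;` can now be 0 when every entry in the list was rejected, yet the lines that follow still store `priv` as the session's extension data. Whether the readers of that data cope with an empty list is not visible here, so either skip the store when `j == 0` or add a comment such as `/* may be 0: all names were unsupported or malformed */`. Rejected names are also dropped silently in the `case 0` branch; a `_gnutls_handshake_log()` line there would let operators notice clients that send malformed SNI. The function continues outside the hunk.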