author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-12 10:58:58 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-12 11:25:41 +0200 |
commit | 9fa10db69441caf8957467c1cbaab4fbad8f9e0f (patch) | |
tree | 88045b6578e5c2e75020b8c7108afa18ebb991cf | |
parent | fc6028852da0b2433278a78d72c09e55d5c7e996 (diff) | |
download | gnutls-9fa10db69441caf8957467c1cbaab4fbad8f9e0f.tar.gz |
server_name: only save the supported server names in the session
Invalid server names with embedded nulls and unsupported types
are not saved.
-rw-r--r-- | lib/ext/server_name.c | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/lib/ext/server_name.c b/lib/ext/server_name.c
index ef724ad13a..bef9db04b1 100644
--- a/lib/ext/server_name.c
+++ b/lib/ext/server_name.c
@@ -68,7 +68,7 @@ static int
 _gnutls_server_name_recv_params(gnutls_session_t session,
 const uint8_t * data, size_t _data_size)
 {
- int i;
+ int i, j;
 const unsigned char *p;
 uint16_t len, type;
 ssize_t data_size = _data_size;
@@ -128,10 +128,8 @@ _gnutls_server_name_recv_params(gnutls_session_t session,
 return GNUTLS_E_MEMORY_ERROR;
 }

- priv->server_names_size = server_names;
-
 p = data + 2;
- for (i = 0; i < server_names; i++) {
+ for (j = i = 0; i < server_names; i++) {
 type = *p;
 p++;

@@ -141,13 +139,17 @@ _gnutls_server_name_recv_params(gnutls_session_t session,
 switch (type) {
 case 0: /* NAME_DNS */
 if (len < MAX_SERVER_NAME_SIZE) {
- memcpy(priv->server_names[i].name,
+ memcpy(priv->server_names[j].name,
 p, len);
- priv->server_names[i].name[len] = 0;
- priv->server_names[i].name_length =
- len;
- priv->server_names[i].type =
- GNUTLS_NAME_DNS;
+ priv->server_names[j].name[len] = 0;
+ priv->server_names[j].name_length =
+ strlen((char*)priv->server_names[j].name);
+ if (priv->server_names[j].name_length == len) {
+ /* valid ascii with no embedded NULL */
+ priv->server_names[j].type =
+ GNUTLS_NAME_DNS;
+ j++;
+ }
 break;
 }
 }
@@ -156,6 +158,8 @@ _gnutls_server_name_recv_params(gnutls_session_t session,
 p += len;
 }

+ priv->server_names_size = j;
+
 epriv = priv;
 _gnutls_ext_set_session_data(session,
 GNUTLS_EXTENSION_SERVER_NAME,
@@ -185,7 +189,6 @@ _gnutls_server_name_send_params(gnutls_session_t session,
 if (ret < 0)
 return 0;

-
 /* this function sends the client extension data (dnsname) */
 if (session->security_parameters.entity == GNUTLS_CLIENT) { |
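Review bot: The comment `/* valid ascii with no embedded NULL */` in the `case 0` branch claims more than the `strlen(...) == len` comparison establishes. That test only proves the name contains no embedded NUL byte, so control characters and bytes above 0x7f are still stored as a `GNUTLS_NAME_DNS` entry. Either narrow the comment to `/* no embedded NUL; other bytes are not validated here */` or add a hostname character check before `j++`, since applications presumably use this value for virtual-host or certificate selection and for logging. A rejected name also leaves its bytes and `name_length` in slot `j` until a later entry overwrites them, which is harmless only while every reader honours `server_names_size`. The function body starts and ends outside this hunk.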
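Review bot: Names rejected in the loop are dropped without any trace, and `priv->server_names_size = j;` can now attach a record holding zero names to the session. A handshake debug message at the point of rejection, recording the entry type and length rather than the raw bytes, would let operators see malformed server names arriving instead of only noticing that no name was available. The assignment would also benefit from a short comment such as `/* count only the entries that passed validation */`. The rest of the function lies outside the hunk, so whether readers treat an empty record differently from a missing one cannot be confirmed from here.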