Empty SNI names are not valid

Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Viktor Dukhovni <openssl-users@dukhovni.org> 2016-01-16 12:57:24 -0500
committer: Viktor Dukhovni <openssl-users@dukhovni.org> 2016-01-16 21:14:02 -0500
commit: e9a6c72e3c548be9d188292d1cd0ae56d7854d71 (patch)
tree: 00bf26ee7e07f9af041f1a2e543896194c0ccf95
parent: 00cebd11317344989aeb9025202c2536b1490856 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index f716d77c81..d3d8221b66 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3221,6 +3221,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 #ifndef OPENSSL_NO_TLSEXT
     case SSL_CTRL_SET_TLSEXT_HOSTNAME:
         if (larg == TLSEXT_NAMETYPE_host_name) {
+            size_t len;
+
             if (s->tlsext_hostname != NULL)
                 OPENSSL_free(s->tlsext_hostname);
             s->tlsext_hostname = NULL;
@@ -3228,7 +3230,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
             ret = 1;
             if (parg == NULL)
                 break;
-            if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
+            len = strlen((char *)parg);
+            if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
                 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
                 return 0;
             }
author	Viktor Dukhovni <openssl-users@dukhovni.org>	2016-01-16 12:57:24 -0500
committer	Viktor Dukhovni <openssl-users@dukhovni.org>	2016-01-16 21:14:02 -0500
commit	e9a6c72e3c548be9d188292d1cd0ae56d7854d71 (patch)
tree	00bf26ee7e07f9af041f1a2e543896194c0ccf95
parent	00cebd11317344989aeb9025202c2536b1490856 (diff)