Empty SNI names are not valid

While empty inputs to SSL_set1_host() clear the reference identifier list. Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Viktor Dukhovni <openssl-users@dukhovni.org> 2016-01-16 12:57:24 -0500
committer: Viktor Dukhovni <openssl-users@dukhovni.org> 2016-01-16 17:15:28 -0500
commit: 0982ecaaee78a106c5db440317b0a8a9c0022bed (patch)
tree: 4b7d030b691436c4b6d9ad0715e08d46549be6bd /crypto
parent: ecdd0ff733985fb573d687fe85fa533f62f6cfd8 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 827360d622..8826fecf48 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -92,11 +92,11 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM *vpm, int mode,
      * Refuse names with embedded NUL bytes, except perhaps as final byte.
      * XXX: Do we need to push an error onto the error stack?
      */
-    if (namelen == 0)
+    if (namelen == 0 || name == NULL)
         namelen = name ? strlen(name) : 0;
     else if (name && memchr(name, '\0', namelen > 1 ? namelen - 1 : namelen))
         return 0;
-    if (name && name[namelen - 1] == '\0')
+    if (namelen > 0 && name[namelen - 1] == '\0')
         --namelen;
 
     if (mode == SET_HOST) {
author	Viktor Dukhovni <openssl-users@dukhovni.org>	2016-01-16 12:57:24 -0500
committer	Viktor Dukhovni <openssl-users@dukhovni.org>	2016-01-16 17:15:28 -0500
commit	0982ecaaee78a106c5db440317b0a8a9c0022bed (patch)
tree	4b7d030b691436c4b6d9ad0715e08d46549be6bd /crypto
parent	ecdd0ff733985fb573d687fe85fa533f62f6cfd8 (diff)