diff options
author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2016-01-16 12:57:24 -0500 |
---|---|---|
committer | Viktor Dukhovni <openssl-users@dukhovni.org> | 2016-01-16 17:15:28 -0500 |
commit | 0982ecaaee78a106c5db440317b0a8a9c0022bed (patch) | |
tree | 4b7d030b691436c4b6d9ad0715e08d46549be6bd /crypto | |
parent | ecdd0ff733985fb573d687fe85fa533f62f6cfd8 (diff) |
Empty SNI names are not valid
While empty inputs to SSL_set1_host() clear the reference identifier
list.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/x509/x509_vpm.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 827360d622..8826fecf48 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -92,11 +92,11 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM *vpm, int mode, * Refuse names with embedded NUL bytes, except perhaps as final byte. * XXX: Do we need to push an error onto the error stack? */ - if (namelen == 0) + if (namelen == 0 || name == NULL) namelen = name ? strlen(name) : 0; else if (name && memchr(name, '\0', namelen > 1 ? namelen - 1 : namelen)) return 0; - if (name && name[namelen - 1] == '\0') + if (namelen > 0 && name[namelen - 1] == '\0') --namelen; if (mode == SET_HOST) { |