Fix some stylistic nits from jsing.

ok jsing
author: tb <> 2020-05-24 15:13:22 +0000
committer: tb <> 2020-05-24 15:13:22 +0000
commit: 6b123c2514b62068e195a1c693bfc13d5b796a74 (patch)
tree: ea891a4c457e6d5d0f2d1b7697f04e935ecf1481
parent: 2212d9a0f501cbdaf1b71d000f925fb3778b99fd (diff)
download: openbsd-6b123c2514b62068e195a1c693bfc13d5b796a74.tar.gz
openbsd-6b123c2514b62068e195a1c693bfc13d5b796a74.tar.bz2
openbsd-6b123c2514b62068e195a1c693bfc13d5b796a74.zip
1 files changed, 11 insertions, 8 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 2184e65a2c..e6e0e7a92d 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.72 2020/05/23 17:13:24 beck Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.73 2020/05/24 15:13:22 tb Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -17,9 +17,10 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
-#include <openssl/ocsp.h>
 #include <ctype.h>
+#include <openssl/ocsp.h>
 #include "ssl_locl.h"
 #include "bytestring.h"
@@ -674,8 +675,8 @@ tlsext_sni_client_build(SSL *s, CBB *cbb)
 }
 /*
- * Does the CBS contain only of a hostname consisting of RFC 5890
+ * Validate that the CBS contains only a hostname consisting of RFC 5890
- * compliant A-labels? (see RFC 6066 section 3). Not a complete check
+ * compliant A-labels (see RFC 6066 section 3). Not a complete check
 * since we don't parse punycode to verify its validity but limits to
 * correct structure and character set.
 */
@@ -686,10 +687,11 @@ tlsext_sni_is_valid_hostname(CBS *cbs)
        int component = 0;
        CBS hostname;
-        if (CBS_len(cbs) > TLSEXT_MAXLEN_host_name)
+        CBS_dup(cbs, &hostname);
+        if (CBS_len(&hostname) > TLSEXT_MAXLEN_host_name)
                return 0;
-        CBS_dup(cbs, &hostname);
        while(CBS_len(&hostname) > 0) {
                prev = c;
                if (!CBS_get_u8(&hostname, &c))
@@ -698,7 +700,7 @@ tlsext_sni_is_valid_hostname(CBS *cbs)
                if (!isascii(c) || c == '\0')
                        return 0;
                /* It must be alphanumeric, a '-', or a '.' */
-                if (!(isalnum(c) || c == '-' || c == '.'))
+                if (!isalnum(c) && c != '-' && c != '.')
                        return 0;
                /* '-' and '.' must not start a component or be at the end. */
                if (component == 0 || CBS_len(&hostname) == 0) {
@@ -717,6 +719,7 @@ tlsext_sni_is_valid_hostname(CBS *cbs)
                if (++component > 63)
                        return 0;
        }
        return 1;
 }
@@ -748,7 +751,7 @@ tlsext_sni_server_parse(SSL *s, CBS *cbs, int *alert)
         * RFC 6066 section 3 specifies a host name must be at least 1 byte
         * so 0 length is a decode error.
         */
-        if (CBS_len(&host_name) == 0)
+        if (CBS_len(&host_name) < 1)
                goto err;
        if (!tlsext_sni_is_valid_hostname(&host_name)) {
author	tb <>	2020-05-24 15:13:22 +0000
committer	tb <>	2020-05-24 15:13:22 +0000
commit	6b123c2514b62068e195a1c693bfc13d5b796a74 (patch)
tree	ea891a4c457e6d5d0f2d1b7697f04e935ecf1481
parent	2212d9a0f501cbdaf1b71d000f925fb3778b99fd (diff)
download	openbsd-6b123c2514b62068e195a1c693bfc13d5b796a74.tar.gz openbsd-6b123c2514b62068e195a1c693bfc13d5b796a74.tar.bz2 openbsd-6b123c2514b62068e195a1c693bfc13d5b796a74.zip