| author | tb <> | 2022-01-24 13:49:50 +0000 |
|---|---|---|
| committer | tb <> | 2022-01-24 13:49:50 +0000 |
| commit | 9210bb33be202e5d504f07e28f4c2166cb8388f4 (patch) | |
| tree | c3b4b67dcc7a47346bcf780fdc92a1429e2e9c10 /src | |
| parent | 1de5f61defd3d7adbd82fc31ea2c09b4b1929b0d (diff) | |
Avoid use of uninitialized in tlsext_sni_server_parse()

If the hostname is too long, tlsext_sni_is_valid_hostname() will fail
without having initialized *is_ip. As a result, the garbage value could
lead to accepting (but otherwise ignoring) overlong and possibly invalid
hostnames without erroring in tlsext_sni_server_parse().

ok inoguchi jsing
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/ssl_tlsext.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index 69f8ddbc40..8070296d9f 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_tlsext.c,v 1.108 2022/01/11 18:28:41 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_tlsext.c,v 1.109 2022/01/24 13:49:50 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> | 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> |
| @@ -714,6 +714,8 @@ tlsext_sni_is_valid_hostname(CBS *cbs, int *is_ip) | |||
| 714 | int component = 0; | 714 | int component = 0; |
| 715 | CBS hostname; | 715 | CBS hostname; |
| 716 | 716 | ||
| 717 | *is_ip = 0; | ||
| 718 | |||
| 717 | CBS_dup(cbs, &hostname); | 719 | CBS_dup(cbs, &hostname); |
| 718 | 720 | ||
| 719 | if (CBS_len(&hostname) > TLSEXT_MAXLEN_host_name) | 721 | if (CBS_len(&hostname) > TLSEXT_MAXLEN_host_name) |
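
Review bot: In tlsext_sni_is_valid_hostname(), the new `*is_ip = 0;` is placed ahead of the `CBS_len(&hostname) > TLSEXT_MAXLEN_host_name` check, which is what makes the out-parameter defined on that early return, but nothing in the function states this as a contract. The commit message indicates that tlsext_sni_server_parse() let the value of is_ip influence its result even when this function failed, so a short comment saying that *is_ip is always set, including on failure, would keep a later cleanup from moving the assignment below the length check. It would also be worth making the caller consult is_ip only after a successful return, and adding a regression test that offers a host_name longer than TLSEXT_MAXLEN_host_name and expects the parse to be rejected.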
