From 12a5d609ed535ca507ce00217fff3cc8f67f9e5c Mon Sep 17 00:00:00 2001
From: tb <>
Date: Mon, 24 Jan 2022 13:49:50 +0000
Subject: Avoid use of uninitialized in tlsext_sni_server_parse()

If the hostname is too long, tlsext_sni_is_valid_hostname() will fail without having initialized *is_ip. As a result, the garbage value could lead to accepting (but otherwise ignoring) overlong and possibly invalid hostnames without erroring in tlsext_sni_server_parse().

ok inoguchi jsing
---
 src/lib/libssl/ssl_tlsext.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 69f8ddbc40..8070296d9f 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.108 2022/01/11 18:28:41 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.109 2022/01/24 13:49:50 tb Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing
 * Copyright (c) 2017 Doug Hogan
@@ -714,6 +714,8 @@ tlsext_sni_is_valid_hostname(CBS *cbs, int *is_ip)
 int component = 0;
 CBS hostname;
+ *is_ip = 0;
+
 CBS_dup(cbs, &hostname);
 if (CBS_len(&hostname) > TLSEXT_MAXLEN_host_name)
--
cgit v1.2.3-55-g6feb
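Review bot: The out-parameter contract this fix depends on is not written down anywhere in the second hunk: `*is_ip = 0;` now sits at the top of tlsext_sni_is_valid_hostname() with no comment saying it must be set before any failure return, so a later tidy-up could move it back below the `CBS_len(&hostname) > TLSEXT_MAXLEN_host_name` check and reintroduce the uninitialized read. A one-line comment above the assignment would pin it, e.g. `/* Always set *is_ip; the caller may inspect it even when validation fails. */`. Per the commit message the caller is tlsext_sni_server_parse(), which is outside this hunk, so it is worth confirming that its local is also initialised at declaration, or that it checks the return value before consulting is_ip, as a second line of defence. The function body continues past the end of the hunk.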