From 861cb5567903704da143ec766cc7858c5a7e0188 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Tue, 2 Nov 2021 13:59:29 +0000
Subject: Do not take the strlen() of a NULL name. Defer the CBS_init() to
 later. Found the hard way by sthen.

ok sthen
---
 src/lib/libssl/s3_lib.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index c4d68f654e..497dea6f08 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.218 2021/11/01 16:45:56 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.219 2021/11/02 13:59:29 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1789,14 +1789,14 @@ _SSL_set_tlsext_host_name(SSL *s, const char *name)
 	int is_ip;
 	CBS cbs;
 
-	CBS_init(&cbs, name, strlen(name));
-
 	free(s->tlsext_hostname);
 	s->tlsext_hostname = NULL;
 
 	if (name == NULL)
 		return 1;
 
+	CBS_init(&cbs, name, strlen(name));
+
 	if (!tlsext_sni_is_valid_hostname(&cbs, &is_ip)) {
 		SSLerror(s, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
 		return 0;
-- 
cgit v1.2.3-55-g6feb