simono41/shellinabox
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

sslSNICallback: Properly disallow invalid characters

Browse source 
Completely discard hostnames containing invalid characters, instead of
merely replacing the invalid characters with uninitialized memory.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
This commit is contained in:
Anders Kaseorg 2012-01-11 19:07:12 -05:00 committed by Marc Singer
parent db4137c890
commit 3115eb4995
1 changed files with 2 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
libhttp/ssl.c
View file

@ -572,18 +572,14 @@ static int sslSNICallback(SSL *sslHndl, int *al ATTR_UNUSED,
} else if (ch != '\000' && ch != '.' && ch != '-' && } else if (ch != '\000' && ch != '.' && ch != '-' &&
(ch < '0' ||(ch > '9' && ch < 'A') || (ch > 'Z' && (ch < '0' ||(ch > '9' && ch < 'A') || (ch > 'Z' &&
ch < 'a')|| ch > 'z')) { ch < 'a')|| ch > 'z')) {
i++; free(serverName);
continue; return SSL_TLSEXT_ERR_OK;
} }
serverName[++i] = ch; serverName[++i] = ch;
if (!ch) { if (!ch) {
break; break;
} }
} }
if (!*serverName) {
free(serverName);
return SSL_TLSEXT_ERR_OK;
}
SSL_CTX *context = (SSL_CTX *)getFromTrie(&ssl->sniContexts, SSL_CTX *context = (SSL_CTX *)getFromTrie(&ssl->sniContexts,
serverName+1, serverName+1,
NULL); NULL);