Google Git
Sign in
boringssl/boringssl.git/e52d22d5f9dc439658746d25cb69702749ec3f67^!/.
commit
e52d22d5f9dc439658746d25cb69702749ec3f67
[log]
author
Steven Valdez <svaldez@chromium.org>
Wed Feb 24 10:44:54 2016 -0500
committer
David Benjamin <davidben@google.com>
Wed Feb 24 15:49:09 2016 +0000
tree
3c1dd7473a3f5e58ebb9512237dbb438d5756e83
parent
e412bbd9a15d812666291e38e194b71da6a2a062 [diff]
Empty SNI names are not valid

(Imported from upstream's 4d6fe78f65be650c84e14777c90e7a088f7a44ce)

Change-Id: Id28e0d49da2490e454dcb8603ccb93a506dfafaf
Reviewed-on: https://boringssl-review.googlesource.com/7206
Reviewed-by: David Benjamin <davidben@google.com>

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index b036b64..bbc2b21 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c

@@ -359,7 +359,9 @@
   if (name == NULL) {
     return 1;
   }
-  if (strlen(name) > TLSEXT_MAXLEN_host_name) {
+
+  size_t len = strlen(name);
+  if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
     return 0;
   }