Reject if the ALPN callback returned an empty protocol. If the callback returns an empty ALPN, we forget we negotiated ALPN at all (bssl::Array does not distinguish null and empty). Empty ALPN protocols are forbidden anyway, so reject these ahead of time. Change-Id: I42f1fc4c843bc865e23fb2a2e5d57424b569ee99 Reviewed-on: https://boringssl-review.googlesource.com/28546 Reviewed-by: Adam Langley <agl@google.com>

commit: fa544f1c0510969e3a85871504b4b8d6c770bb62 [log] [tgz]
author: David Benjamin <davidben@google.com> Tue May 15 15:06:28 2018 -0400
committer: David Benjamin <davidben@google.com> Tue May 15 23:02:39 2018 +0000
tree: b63ce907825ff6786147317678da2308f5b4bfde
parent: e6737a86568dd3da416aa94d9346b49e24e016f3 [diff] [blame]
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index 7fae0da..40b7ff0 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc

@@ -1532,6 +1532,11 @@
           ssl, &selected, &selected_len, CBS_data(&protocol_name_list),
           CBS_len(&protocol_name_list),
           ssl->ctx->alpn_select_cb_arg) == SSL_TLSEXT_ERR_OK) {
+    if (selected_len == 0) {
+      OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ALPN_PROTOCOL);
+      *out_alert = SSL_AD_INTERNAL_ERROR;
+      return false;
+    }
     if (!ssl->s3->alpn_selected.CopyFrom(
             MakeConstSpan(selected, selected_len))) {
       *out_alert = SSL_AD_INTERNAL_ERROR;
commit	fa544f1c0510969e3a85871504b4b8d6c770bb62	[log] [tgz]
author	David Benjamin <davidben@google.com>	Tue May 15 15:06:28 2018 -0400
committer	David Benjamin <davidben@google.com>	Tue May 15 23:02:39 2018 +0000
tree	b63ce907825ff6786147317678da2308f5b4bfde
parent	e6737a86568dd3da416aa94d9346b49e24e016f3 [diff] [blame]