Empty SNI names are not valid

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-16 12:57:24 -05:00 · 2016-01-16 12:57:24 -05:00 · e9a6c72e3c
commit e9a6c72e3c
parent 00cebd1131
1 changed files with 4 additions and 1 deletions
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@ -3221,6 +3221,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 #ifndef OPENSSL_NO_TLSEXT
    case SSL_CTRL_SET_TLSEXT_HOSTNAME:
        if (larg == TLSEXT_NAMETYPE_host_name) {
+            size_t len;
+
            if (s->tlsext_hostname != NULL)
                OPENSSL_free(s->tlsext_hostname);
            s->tlsext_hostname = NULL;
@ -3228,7 +3230,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
            ret = 1;
            if (parg == NULL)
                break;
-            if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
+            len = strlen((char *)parg);
+            if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
                SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
                return 0;
            }