From b9ac47c3719297cb0010b364718cbebdf96ffc6b Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 5 May 2017 13:07:33 +0100
Subject: [PATCH] Make ssl_set_hostname safe to be called multiple times

Zeroize and free previously set hostnames before overwriting them.
Also, allow clearance of hostname by providing NULL parameter.

---
 library/ssl_tls.c | 57 ++++++++++++++++++++++++++++++++++-------------
 1 file changed, 41 insertions(+), 16 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index bae8433fe..54867da97 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4230,26 +4230,51 @@ void ssl_set_curves( ssl_context *ssl, const ecp_group_id *curve_list )
 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
 int ssl_set_hostname( ssl_context *ssl, const char *hostname )
 {
+    size_t hostname_len = 0;
+
+    /* Check if new hostname is valid before
+     * making any change to current one */
+
+    if( hostname != NULL )
+    {
+        hostname_len = strlen( hostname );
+
+        if( hostname_len > SSL_MAX_HOST_NAME_LEN )
+            return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+    }
+
+    /* Now it's clear that we will overwrite the old hostname,
+     * so we can free it safely */
+
+    if( ssl->hostname != NULL )
+    {
+        polarssl_zeroize( ssl->hostname, ssl->hostname_len );
+        polarssl_free( ssl->hostname );
+    }
+
+    /* Passing NULL as hostname shall clear the old one */
+    if( hostname == NULL )
-        return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+    {
+        ssl->hostname = NULL;
+        ssl->hostname_len = 0;
+    }
+    else
+    {
+        ssl->hostname = polarssl_malloc( hostname_len + 1 );
-    ssl->hostname_len = strlen( hostname );
+        if( ssl->hostname == NULL )
+        {
+            ssl->hostname_len = 0;
+            return( POLARSSL_ERR_SSL_MALLOC_FAILED );
+        }
-    if( ssl->hostname_len + 1 == 0 )
-        return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+        memcpy( ssl->hostname, (const unsigned char*) hostname,
+                hostname_len );
-    if( ssl->hostname_len > SSL_MAX_HOST_NAME_LEN )
-        return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
-
-    ssl->hostname = polarssl_malloc( ssl->hostname_len + 1 );
-
-    if( ssl->hostname == NULL )
-        return( POLARSSL_ERR_SSL_MALLOC_FAILED );
-
-    memcpy( ssl->hostname, (const unsigned char *) hostname,
-            ssl->hostname_len );
-
-    ssl->hostname[ssl->hostname_len] = '\0';
+        ssl->hostname[hostname_len] = '\0';
+        ssl->hostname_len = hostname_len;
+    }
     return( 0 );
 }
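Review bot: On the allocation-failure path inside the new `else` branch, the previously configured hostname has already been zeroized and freed, so a failed `ssl_set_hostname()` call leaves the context with no hostname at all rather than unchanged; if `ssl->hostname` is also what the peer-certificate name check consults (not visible in this hunk), that silently weakens the next handshake on the same context. Building the replacement buffer before touching the old one makes the update all-or-nothing: either the new name is installed or the old one survives, and the NULL-clears-it behaviour is preserved. The rewrite below also lets the NULL and non-NULL cases share a single assignment pair and drops the `(const unsigned char*)` cast on `memcpy`, whose source parameter is `const void *`. The public declaration in the header should state both that NULL clears the hostname and what a non-zero return leaves in the context; that header is outside this patch.
```c
int ssl_set_hostname( ssl_context *ssl, const char *hostname )
{
    size_t hostname_len = 0;
    char *new_hostname = NULL;

    /* … unchanged: NULL check and SSL_MAX_HOST_NAME_LEN bound on hostname_len … */

    /* Build the replacement first so that an allocation failure
     * leaves the previously configured hostname untouched. */
    if( hostname != NULL )
    {
        new_hostname = polarssl_malloc( hostname_len + 1 );
        if( new_hostname == NULL )
            return( POLARSSL_ERR_SSL_MALLOC_FAILED );

        memcpy( new_hostname, hostname, hostname_len );
        new_hostname[hostname_len] = '\0';
    }

    /* Only now discard the old one; a NULL hostname simply clears it. */
    if( ssl->hostname != NULL )
    {
        polarssl_zeroize( ssl->hostname, ssl->hostname_len );
        polarssl_free( ssl->hostname );
    }

    ssl->hostname = new_hostname;
    ssl->hostname_len = hostname_len;

    return( 0 );
}
```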