yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-11 19:25:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Make ssl_set_hostname safe to be called multiple times

Browse source 
Zeroize and free previously set hostnames before overwriting
them. Also, allow clearance of hostname by providing NULL parameter.
This commit is contained in:
Hanno Becker 2017-05-05 13:07:33 +01:00 committed by Simon Butcher
parent a1af31e14a
commit b9ac47c371
1 changed files with 41 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

57
library/ssl_tls.c
View file

@ -4230,26 +4230,51 @@ void ssl_set_curves( ssl_context *ssl, const ecp_group_id *curve_list )
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
int ssl_set_hostname( ssl_context *ssl, const char *hostname ) int ssl_set_hostname( ssl_context *ssl, const char *hostname )
{ {
size_t hostname_len = 0;
/* Check if new hostname is valid before
* making any change to current one */
if( hostname != NULL )
{
hostname_len = strlen( hostname );
if( hostname_len > SSL_MAX_HOST_NAME_LEN )
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
}
/* Now it's clear that we will overwrite the old hostname,
* so we can free it safely */
if( ssl->hostname != NULL )
{
polarssl_zeroize( ssl->hostname, ssl->hostname_len );
polarssl_free( ssl->hostname );
}
/* Passing NULL as hostname shall clear the old one */
if( hostname == NULL ) if( hostname == NULL )
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); {
ssl->hostname = NULL;
ssl->hostname_len = 0;
}
else
{
ssl->hostname = polarssl_malloc( hostname_len + 1 );
ssl->hostname_len = strlen( hostname ); if( ssl->hostname == NULL )
{
ssl->hostname_len = 0;
return( POLARSSL_ERR_SSL_MALLOC_FAILED );
}
if( ssl->hostname_len + 1 == 0 ) memcpy( ssl->hostname, (const unsigned char*) hostname,
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); hostname_len );
if( ssl->hostname_len > SSL_MAX_HOST_NAME_LEN ) ssl->hostname[hostname_len] = '\0';
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); ssl->hostname_len = hostname_len;
}
ssl->hostname = polarssl_malloc( ssl->hostname_len + 1 );
if( ssl->hostname == NULL )
return( POLARSSL_ERR_SSL_MALLOC_FAILED );
memcpy( ssl->hostname, (const unsigned char *) hostname,
ssl->hostname_len );
ssl->hostname[ssl->hostname_len] = '\0';
return( 0 ); return( 0 );
} }