From c988f32adde62a169ba340fee0da15aecd40e76e Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Tue, 29 Sep 2015 23:27:20 +0100
Subject: [PATCH] Added max length checking of hostname

---
 include/polarssl/ssl.h | 2 ++
 library/ssl_tls.c | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 1f9f8be63..0d8466385 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -198,6 +198,8 @@
 #endif /* POLARSSL_SSL_PROTO_TLS1_1 */
 #endif /* POLARSSL_SSL_PROTO_TLS1_2 */
 
+#define SSL_MAX_HOST_NAME_LEN 255 /*!< Maximum host name defined in RFC 1035 */
+
 /* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
 * NONE must be zero so that memset()ing structure to zero works */
 #define SSL_MAX_FRAG_LEN_NONE 0 /*!< don't use this extension */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 96e867b69..0a7fee19f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4148,6 +4148,9 @@ int ssl_set_hostname( ssl_context *ssl, const char *hostname )
 if( ssl->hostname_len + 1 == 0 )
 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
 
+ if( ssl->hostname_len > SSL_MAX_HOST_NAME_LEN )
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+
 ssl->hostname = polarssl_malloc( ssl->hostname_len + 1 );
 
 if( ssl->hostname == NULL )
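Review bot: The Doxygen comment on `SSL_MAX_HOST_NAME_LEN` does not say what the 255 counts, and callers need that to size buffers. The check in ssl_tls.c compares it with `hostname_len` and then allocates `hostname_len + 1`, so the value is a byte length without the terminating NUL. I would write `/*!< Maximum host name length in bytes, excluding the terminating NUL (limit from RFC 1035) */`. RFC 1035's 255-octet limit applies to the encoded name, so a textual name that reaches 255 characters is already longer than DNS allows. The bound is still safe as a size cap, but the comment should not suggest that every accepted name is a valid DNS name.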
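Review bot: The new bound is tested on `ssl->hostname_len`, so when an oversized name is rejected the context already holds the rejected length, while `ssl->hostname` is left as it was. The assignment is above the hunk and is presumably `strlen( hostname )`. Any later code that trusts `hostname_len` on its own would then see a length with no matching buffer. Validating a local first keeps the context consistent on failure: `size_t len = strlen( hostname );` then `if( len > SSL_MAX_HOST_NAME_LEN ) return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );` and only then `ssl->hostname_len = len;`. That ordering also makes the `+ 1 == 0` wrap check just above redundant. The commit touches only these two files, so a test that accepts a 255-byte name and rejects a 256-byte one would pin the boundary. ssl_set_hostname starts and ends outside the hunk.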