From: Viktor Dukhovni Date: Fri, 11 Oct 2019 21:52:19 +0000 (-0400) Subject: Ignore empty ALPN elements in CLI args X-Git-Tag: OpenSSL_1_1_1e~192 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=bc458b0dd00acf8114dee7e4ac6423288a570697;p=oweals%2Fopenssl.git Ignore empty ALPN elements in CLI args Reviewed-by: Matt Caswell --- diff --git a/apps/apps.c b/apps/apps.c index 7177c5d982..c06241abb9 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1962,26 +1962,46 @@ unsigned char *next_protos_parse(size_t *outlen, const char *in) size_t len; unsigned char *out; size_t i, start = 0; + size_t skipped = 0; len = strlen(in); - if (len >= 65535) + if (len == 0 || len >= 65535) return NULL; - out = app_malloc(strlen(in) + 1, "NPN buffer"); + out = app_malloc(len + 1, "NPN buffer"); for (i = 0; i <= len; ++i) { if (i == len || in[i] == ',') { + /* + * Zero-length ALPN elements are invalid on the wire, we could be + * strict and reject the entire string, but just ignoring extra + * commas seems harmless and more friendly. + * + * Every comma we skip in this way puts the input buffer another + * byte ahead of the output buffer, so all stores into the output + * buffer need to be decremented by the number commas skipped. + */ + if (i == start) { + ++start; + ++skipped; + continue; + } if (i - start > 255) { OPENSSL_free(out); return NULL; } - out[start] = (unsigned char)(i - start); + out[start-skipped] = (unsigned char)(i - start); start = i + 1; } else { - out[i + 1] = in[i]; + out[i + 1 - skipped] = in[i]; } } - *outlen = len + 1; + if (len <= skipped) { + OPENSSL_free(out); + return NULL; + } + + *outlen = len + 1 - skipped; return out; }