From e78253f2d0c1a9fe6b023d867ee02342b4560150 Mon Sep 17 00:00:00 2001 From: Viktor Dukhovni Date: Fri, 11 Oct 2019 17:52:19 -0400 Subject: [PATCH] Ignore empty ALPN elements in CLI args Reviewed-by: Matt Caswell --- apps/lib/apps.c | 30 +++++++++++++++++++++++++----- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 65bd5a4070..73483d99f4 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -1809,26 +1809,46 @@ unsigned char *next_protos_parse(size_t *outlen, const char *in) size_t len; unsigned char *out; size_t i, start = 0; + size_t skipped = 0; len = strlen(in); - if (len >= 65535) + if (len == 0 || len >= 65535) return NULL; - out = app_malloc(strlen(in) + 1, "NPN buffer"); + out = app_malloc(len + 1, "NPN buffer"); for (i = 0; i <= len; ++i) { if (i == len || in[i] == ',') { + /* + * Zero-length ALPN elements are invalid on the wire, we could be + * strict and reject the entire string, but just ignoring extra + * commas seems harmless and more friendly. + * + * Every comma we skip in this way puts the input buffer another + * byte ahead of the output buffer, so all stores into the output + * buffer need to be decremented by the number commas skipped. + */ + if (i == start) { + ++start; + ++skipped; + continue; + } if (i - start > 255) { OPENSSL_free(out); return NULL; } - out[start] = (unsigned char)(i - start); + out[start-skipped] = (unsigned char)(i - start); start = i + 1; } else { - out[i + 1] = in[i]; + out[i + 1 - skipped] = in[i]; } } - *outlen = len + 1; + if (len <= skipped) { + OPENSSL_free(out); + return NULL; + } + + *outlen = len + 1 - skipped; return out; } -- 2.25.1