Empty SNI names are not valid
While empty inputs to SSL_set1_host() clear the reference identifier
list.
Reviewed-by: Rich Salz <rsalz@openssl.org>
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index de8dae2..54b8eba 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3534,13 +3534,16 @@
#endif /* !OPENSSL_NO_EC */
case SSL_CTRL_SET_TLSEXT_HOSTNAME:
if (larg == TLSEXT_NAMETYPE_host_name) {
+ size_t len;
+
OPENSSL_free(s->tlsext_hostname);
s->tlsext_hostname = NULL;
ret = 1;
if (parg == NULL)
break;
- if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
+ len = strlen((char *)parg);
+ if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
return 0;
}
