Use defines to check alpn ext list validity

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-11-04 04:32:24 -05:00 · 2020-04-23 16:41:44 +02:00 · 2020-04-23 16:41:44 +02:00 · 8216dd3f34
commit 8216dd3f34
parent e131bfec29
2 changed files with 6 additions and 1 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -144,6 +144,9 @@
 #define MBEDTLS_SSL_TRANSPORT_DATAGRAM          1   /*!< DTLS     */

 #define MBEDTLS_SSL_MAX_HOST_NAME_LEN           255 /*!< Maximum host name defined in RFC 1035 */
+#define MBEDTLS_SSL_MAX_ALPN_NAME_LEN           255 /*!< Maximum size in bytes of a protocol name in alpn ext., RFC 7301 */
+
+#define MBEDTLS_SSL_MAX_ALPN_LIST_LEN           65535 /*!< Maximum size in bytes of list in alpn ext., RFC 7301          */

 /* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
 * NONE must be zero so that memset()ing structure to zero works */
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -4652,7 +4652,9 @@ int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **prot
        cur_len = strlen( *p );
        tot_len += cur_len;

-        if( cur_len == 0 || cur_len > 255 || tot_len > 65535 )
+        if( ( cur_len == 0 ) ||
+            ( cur_len > MBEDTLS_SSL_MAX_ALPN_NAME_LEN ) ||
+            ( tot_len > MBEDTLS_SSL_MAX_ALPN_LIST_LEN ) )
            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
    }