cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-04 04:32:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

Make mbedtls_ssl_set_hostname safe to be called multiple times

Browse Source 
Zeroize and free previously set hostnames before overwriting
them. Also, allow clearance of hostname by providing NULL parameter.
This commit is contained in:
Hanno Becker 2017-04-07 13:25:49 +01:00 committed by Simon Butcher
parent b25c0c78cf
commit 947194e7cf
1 changed files with 37 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
library/ssl_tls.c
View File

@ -6166,7 +6166,7 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
{ {
conf->sig_hashes = hashes; conf->sig_hashes = hashes;
} }
#endif #endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
#if defined(MBEDTLS_ECP_C) #if defined(MBEDTLS_ECP_C)
/* /*
@ -6177,24 +6177,42 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
{ {
conf->curve_list = curve_list; conf->curve_list = curve_list;
} }
#endif #endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ) int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
{ {
size_t hostname_len; /* Initialize to suppress unnecessary compiler warning */
size_t hostname_len = 0;
if( hostname == NULL ) /* Check if new hostname is valid before
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); * making any change to current one */
if( hostname != NULL )
{
hostname_len = strlen( hostname ); hostname_len = strlen( hostname );
if( hostname_len + 1 == 0 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN ) if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
/* Now it's clear that we will overwrite the old hostname,
* so we can free it safely */
if( ssl->hostname != NULL )
{
mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) );
mbedtls_free( ssl->hostname );
}
/* Passing NULL as hostname shall clear the old one */
if( hostname == NULL )
{
ssl->hostname = NULL;
}
else
{
ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 ); ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 );
if( ssl->hostname == NULL ) if( ssl->hostname == NULL )
@ -6203,6 +6221,7 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
memcpy( ssl->hostname, hostname, hostname_len ); memcpy( ssl->hostname, hostname, hostname_len );
ssl->hostname[hostname_len] = '\0'; ssl->hostname[hostname_len] = '\0';
}
return( 0 ); return( 0 );
} }