Fixed potential heap buffer overflow on large hostname setting (cherry picked from commit 75c1a6f97c9b25b71bcc95b158bc673f6db04400) Conflicts: library/ssl_tls.c

commit: 3081ba12bb20c72d5f854f66af6ce7c68b36ddd6 [log] [tgz]
author: Paul Bakker <p.j.bakker@polarssl.org> Wed Sep 11 11:38:34 2013 +0200
committer: Paul Bakker <p.j.bakker@polarssl.org> Wed Sep 11 13:24:12 2013 +0200
tree: a20e044c1574bb7007df5e8c2e06b33d0ec19650
parent: df177ba72881f6fa479614bc306034da5e81065f [diff] [blame]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 73a6604..b3b82b0 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -1991,6 +1991,10 @@
         return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
 
     ssl->hostname_len = strlen( hostname );
+
+    if( ssl->hostname_len + 1 == 0 )
+        return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+
     ssl->hostname = (unsigned char *) malloc( ssl->hostname_len + 1 );
 
     if( ssl->hostname == NULL )
@@ -1998,7 +2002,7 @@
 
     memcpy( ssl->hostname, (unsigned char *) hostname,
             ssl->hostname_len );
-    
+
     ssl->hostname[ssl->hostname_len] = '\0';
 
     return( 0 );
commit	3081ba12bb20c72d5f854f66af6ce7c68b36ddd6	[log] [tgz]
author	Paul Bakker <p.j.bakker@polarssl.org>	Wed Sep 11 11:38:34 2013 +0200
committer	Paul Bakker <p.j.bakker@polarssl.org>	Wed Sep 11 13:24:12 2013 +0200
tree	a20e044c1574bb7007df5e8c2e06b33d0ec19650
parent	df177ba72881f6fa479614bc306034da5e81065f [diff] [blame]