Fixed potential heap buffer overflow on large hostname setting (cherry picked from commit 75c1a6f97c9b25b71bcc95b158bc673f6db04400) Conflicts: library/ssl_tls.c

commit: a13d744d2ea391e7bd2314a747493d969c3caf5a [log] [tgz]
author: Paul Bakker <p.j.bakker@polarssl.org> Wed Sep 11 11:38:34 2013 +0200
committer: Paul Bakker <p.j.bakker@polarssl.org> Wed Sep 11 11:41:41 2013 +0200
tree: 8d80d0a9505ba7ea5bc35df226b4ea59115ff5ee
parent: fe7c24caa6ebe3867031666065673ea9d77d571e [diff] [blame]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index cde6795..fd5b5a3 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -3239,6 +3239,10 @@
         return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
 
     ssl->hostname_len = strlen( hostname );
+
+    if( ssl->hostname_len + 1 == 0 )
+        return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+
     ssl->hostname = (unsigned char *) malloc( ssl->hostname_len + 1 );
 
     if( ssl->hostname == NULL )
@@ -3246,7 +3250,7 @@
 
     memcpy( ssl->hostname, (const unsigned char *) hostname,
             ssl->hostname_len );
-    
+
     ssl->hostname[ssl->hostname_len] = '\0';
 
     return( 0 );
commit	a13d744d2ea391e7bd2314a747493d969c3caf5a	[log] [tgz]
author	Paul Bakker <p.j.bakker@polarssl.org>	Wed Sep 11 11:38:34 2013 +0200
committer	Paul Bakker <p.j.bakker@polarssl.org>	Wed Sep 11 11:41:41 2013 +0200
tree	8d80d0a9505ba7ea5bc35df226b4ea59115ff5ee
parent	fe7c24caa6ebe3867031666065673ea9d77d571e [diff] [blame]