1 --- openssl-1.0.0.orig/ssl/t1_lib.c 15 Jun 2010 17:25:15 -0000 1.64.2.14
2 +++ openssl-1.0.0/ssl/t1_lib.c 15 Nov 2010 15:26:19 -0000
3 @@ -714,14 +714,23 @@
4 switch (servname_type)
5 {
6 case TLSEXT_NAMETYPE_host_name:
7 - if (s->session->tlsext_hostname == NULL)
8 + if (!s->hit)
9 {
10 - if (len > TLSEXT_MAXLEN_host_name ||
11 - ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL))
12 + if(s->session->tlsext_hostname)
13 + {
14 + *al = SSL_AD_DECODE_ERROR;
15 + return 0;
16 + }
17 + if (len > TLSEXT_MAXLEN_host_name)
18 {
19 *al = TLS1_AD_UNRECOGNIZED_NAME;
20 return 0;
21 }
22 + if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)
23 + {
24 + *al = TLS1_AD_INTERNAL_ERROR;
25 + return 0;
26 + }
27 memcpy(s->session->tlsext_hostname, sdata, len);
28 s->session->tlsext_hostname[len]='\0';
29 if (strlen(s->session->tlsext_hostname) != len) {
30 @@ -734,7 +743,8 @@
31
32 }
33 else
34 - s->servername_done = strlen(s->session->tlsext_hostname) == len
35 + s->servername_done = s->session->tlsext_hostname
36 + && strlen(s->session->tlsext_hostname) == len
37 && strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
38
39 break;
40
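Review bot: The duplicate-server_name rejection at line 14 writes `*al = SSL_AD_DECODE_ERROR;` while the equivalent checks added for the other two extensions (lines 53 and 83) and the existing decode-error paths (lines 41 and 71) use `TLS1_AD_DECODE_ERROR`; the two names denote the same alert, but new code in one patch should use a single spelling, and `if(` at lines 12, 51 and 81 should be `if (` to match the surrounding file. The `if (!s->hit)` guard at line 8 carries no comment saying why a resumed session's extension data is deliberately left untouched, which appears to be the purpose of the change; a one-line comment above it such as `/* On resumption the session is reused: never allocate or replace its extension data here. */` would keep that rationale with the code. The strlen-mismatch branch opened at line 29 and the enclosing switch continue outside the hunk, so whether that branch releases the hostname just allocated at line 22 could not be checked here.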
@@ -765,15 +775,22 @@
41 *al = TLS1_AD_DECODE_ERROR;
42 return 0;
43 }
44 - s->session->tlsext_ecpointformatlist_length = 0;
45 - if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist);
46 - if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
47 + if (!s->hit)
48 {
49 - *al = TLS1_AD_INTERNAL_ERROR;
50 - return 0;
51 + if(s->session->tlsext_ecpointformatlist)
52 + {
53 + *al = TLS1_AD_DECODE_ERROR;
54 + return 0;
55 + }
56 + s->session->tlsext_ecpointformatlist_length = 0;
57 + if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
58 + {
59 + *al = TLS1_AD_INTERNAL_ERROR;
60 + return 0;
61 + }
62 + s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
63 + memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
64 }
65 - s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
66 - memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
67 #if 0
68 fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i) ", s->session->tlsext_ecpointformatlist_length);
69 sdata = s->session->tlsext_ecpointformatlist;
70
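Review bot: Nothing visible in the hunk rejects an `ecpointformatlist_length` of zero before `OPENSSL_malloc(ecpointformatlist_length)` at line 57; a zero-byte allocation is not guaranteed to return a non-NULL pointer, so an empty list (which RFC 4492 does not permit) would be reported as `TLS1_AD_INTERNAL_ERROR` instead of a decode error. Unless the length validation above line 41 already covers it, add `if (ecpointformatlist_length == 0) { *al = TLS1_AD_DECODE_ERROR; return 0; }` ahead of the allocation; the same applies to the allocation at line 87 for `ellipticcurvelist_length` in the next hunk. The `#if 0` diagnostic block starting at line 67 still reads the session's list and length unconditionally and now follows a path that may have skipped the session entirely; dead debug code like this is better deleted than carried along. The length check that precedes line 41 lies outside the hunk.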
@@ -794,15 +811,22 @@
71 *al = TLS1_AD_DECODE_ERROR;
72 return 0;
73 }
74 - s->session->tlsext_ellipticcurvelist_length = 0;
75 - if (s->session->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->session->tlsext_ellipticcurvelist);
76 - if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL)
77 + if (!s->hit)
78 {
79 - *al = TLS1_AD_INTERNAL_ERROR;
80 - return 0;
81 + if(s->session->tlsext_ellipticcurvelist)
82 + {
83 + *al = TLS1_AD_DECODE_ERROR;
84 + return 0;
85 + }
86 + s->session->tlsext_ellipticcurvelist_length = 0;
87 + if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL)
88 + {
89 + *al = TLS1_AD_INTERNAL_ERROR;
90 + return 0;
91 + }
92 + s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length;
93 + memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);
94 }
95 - s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length;
96 - memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);
97 #if 0
98 fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ", s->session->tlsext_ellipticcurvelist_length);
99 sdata = s->session->tlsext_ellipticcurvelist;
100
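Review bot: The copy at line 93 stores `ellipticcurvelist_length` raw bytes, but nothing in the hunk ensures that length is even although each named curve occupies two bytes; if the validation above line 71 does not already reject odd lengths, any consumer that walks the stored list in pairs would step one byte past the buffer. Unless it is already covered, add `if ((ellipticcurvelist_length & 1) != 0) { *al = TLS1_AD_DECODE_ERROR; return 0; }` before the allocation at line 87, alongside the zero-length rejection suggested for the previous hunk. The validation preceding line 71 and the enclosing function lie outside the hunk.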