Diffstat (limited to 'src/daemon/https/tls/ext_server_name.c')
-rw-r--r-- | src/daemon/https/tls/ext_server_name.c | 117 |
1 files changed, 65 insertions, 52 deletions
diff --git a/src/daemon/https/tls/ext_server_name.c b/src/daemon/https/tls/ext_server_name.c index 45afc31b..1441f692 100644 --- a/src/daemon/https/tls/ext_server_name.c +++ b/src/daemon/https/tls/ext_server_name.c | |||
@@ -48,75 +48,88 @@ MHD_gtls_server_name_recv_params (MHD_gtls_session_t session, | |||
48 | ssize_t data_size = _data_size; | 48 | ssize_t data_size = _data_size; |
49 | int server_names = 0; | 49 | int server_names = 0; |
50 | 50 | ||
51 | if (session->security_parameters.entity == GNUTLS_SERVER) | 51 | DECR_LENGTH_RET (data_size, 2, 0); |
52 | { | 52 | len = MHD_gtls_read_uint16 (data); |
53 | DECR_LENGTH_RET (data_size, 2, 0); | ||
54 | len = MHD_gtls_read_uint16 (data); | ||
55 | 53 | ||
56 | if (len != data_size) | 54 | if (len != data_size) |
57 | { | 55 | { |
58 | /* This is unexpected packet length, but | 56 | /* This is unexpected packet length, but |
59 | * just ignore it, for now. | 57 | * just ignore it, for now. |
60 | */ | 58 | */ |
61 | MHD_gnutls_assert (); | 59 | MHD_gnutls_assert (); |
62 | return 0; | 60 | return 0; |
63 | } | 61 | } |
64 | 62 | ||
65 | p = data + 2; | 63 | p = data + 2; |
66 | 64 | ||
67 | /* Count all server_names in the packet. */ | 65 | /* Count all server_names in the packet. */ |
68 | while (data_size > 0) | 66 | while (data_size > 0) |
69 | { | 67 | { |
70 | DECR_LENGTH_RET (data_size, 1, 0); | 68 | DECR_LENGTH_RET (data_size, 1, 0); |
71 | p++; | 69 | p++; |
72 | 70 | ||
73 | DECR_LEN (data_size, 2); | 71 | DECR_LEN (data_size, 2); |
74 | len = MHD_gtls_read_uint16 (p); | 72 | len = MHD_gtls_read_uint16 (p); |
75 | p += 2; | 73 | p += 2; |
76 | 74 | ||
75 | /* make sure supplied server name is not empty */ | ||
76 | if (len > 0) | ||
77 | { | ||
77 | DECR_LENGTH_RET (data_size, len, 0); | 78 | DECR_LENGTH_RET (data_size, len, 0); |
78 | server_names++; | 79 | server_names++; |
79 | |||
80 | p += len; | 80 | p += len; |
81 | } | 81 | } |
82 | else | ||
83 | { | ||
84 | #if HAVE_MESSAGES | ||
85 | MHD__gnutls_handshake_log | ||
86 | ("HSK[%x]: Received zero size server name (under attack?)\n", | ||
87 | session); | ||
88 | #endif | ||
89 | } | ||
90 | } | ||
82 | 91 | ||
83 | session->security_parameters.extensions.server_names_size = | 92 | /* we cannot accept more server names. */ |
84 | server_names; | 93 | if (server_names > MAX_SERVER_NAME_EXTENSIONS) |
85 | if (server_names == 0) | 94 | { |
86 | return 0; /* no names found */ | 95 | #if HAVE_MESSAGES |
96 | MHD__gnutls_handshake_log | ||
97 | ("HSK[%x]: Too many server names received (under attack?)\n", | ||
98 | session); | ||
99 | #endif | ||
100 | server_names = MAX_SERVER_NAME_EXTENSIONS; | ||
101 | } | ||
87 | 102 | ||
88 | /* we cannot accept more server names. | 103 | session->security_parameters.extensions.server_names_size = server_names; |
89 | */ | 104 | if (server_names == 0) |
90 | if (server_names > MAX_SERVER_NAME_EXTENSIONS) | 105 | return 0; /* no names found */ |
91 | server_names = MAX_SERVER_NAME_EXTENSIONS; | ||
92 | 106 | ||
93 | p = data + 2; | 107 | p = data + 2; |
94 | for (i = 0; i < server_names; i++) | 108 | for (i = 0; i < server_names; i++) |
95 | { | 109 | { |
96 | type = *p; | 110 | type = *p; |
97 | p++; | 111 | p++; |
98 | 112 | ||
99 | len = MHD_gtls_read_uint16 (p); | 113 | len = MHD_gtls_read_uint16 (p); |
100 | p += 2; | 114 | p += 2; |
101 | 115 | ||
102 | switch (type) | 116 | switch (type) |
117 | { | ||
118 | case 0: /* NAME_DNS */ | ||
119 | if (len <= MAX_SERVER_NAME_SIZE) | ||
103 | { | 120 | { |
104 | case 0: /* NAME_DNS */ | 121 | memcpy (session->security_parameters.extensions.server_names[i]. |
105 | if (len <= MAX_SERVER_NAME_SIZE) | 122 | name, p, len); |
106 | { | 123 | session->security_parameters.extensions. |
107 | memcpy (session->security_parameters. | 124 | server_names[i].name_length = len; |
108 | extensions.server_names[i].name, p, len); | 125 | session->security_parameters.extensions.server_names[i].type = |
109 | session->security_parameters.extensions.server_names[i]. | 126 | GNUTLS_NAME_DNS; |
110 | name_length = len; | 127 | break; |
111 | session->security_parameters.extensions.server_names[i]. | ||
112 | type = GNUTLS_NAME_DNS; | ||
113 | break; | ||
114 | } | ||
115 | } | 128 | } |
116 | |||
117 | /* move to next record */ | ||
118 | p += len; | ||
119 | } | 129 | } |
130 | |||
131 | /* move to next record */ | ||
132 | p += len; | ||
120 | } | 133 | } |
121 | return 0; | 134 | return 0; |
122 | } | 135 | } |
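Review bot: The copy loop (new side lines 107-133) does not mirror the filter the counting loop now applies: a zero-length record is skipped by the counter at new lines 76-89, but it still consumes one iteration of `for (i = 0; i < server_names; i++)`, so an empty name can be stored as `server_names[i]` with `name_length` 0 while a later non-empty name in the same packet is dropped. No out-of-bounds read follows, because every record the copy loop visits was already length-checked by the first pass, but the "empty name" rejection is only half applied. Advancing `i` only for non-empty records keeps the two passes consistent, and since `server_names` never exceeds the number of non-empty records the loop still ends inside the validated data. The enclosing function MHD_gtls_server_name_recv_params begins before this hunk.
```c
  p = data + 2;
  /* walk records until server_names non-empty names have been stored;
   * zero-length records are stepped over, matching the counting pass */
  for (i = 0; i < server_names; )
    {
      type = *p;
      p++;

      len = MHD_gtls_read_uint16 (p);
      p += 2;

      if (len > 0)
        {
          /* … unchanged: switch (type) storing the NAME_DNS entry … */
          i++;
        }

      /* move to next record */
      p += len;
    }
```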