SSL: explicit handling of empty names.

X509_check_host() can't handle non null-terminated names with zero length, so make sure to fail before calling it.
author: Maxim Dounin <mdounin@mdounin.ru> 2014-04-23 20:31:31 +0400
committer: Maxim Dounin <mdounin@mdounin.ru> 2014-04-23 20:31:31 +0400
commit: 6898a634d3cdd7df70bb8b112a74bfd98253c1f4 (patch)
tree: b5eae5356fab97bc526d62f6e365990f483cdcf7
parent: c728709316d34735eb27875af0d8df889b145f45 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index f885a5c7f..88472fc90 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -2504,6 +2504,10 @@ ngx_ssl_check_host(ngx_connection_t *c, ngx_str_t *name)
 
     /* X509_check_host() is only available in OpenSSL 1.0.2+ */
 
+    if (name->len == 0) {
+        goto failed;
+    }
+
     if (X509_check_host(cert, name->data, name->len, 0) != 1) {
         ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
                        "X509_check_host(): no match");
author	Maxim Dounin <mdounin@mdounin.ru>	2014-04-23 20:31:31 +0400
committer	Maxim Dounin <mdounin@mdounin.ru>	2014-04-23 20:31:31 +0400
commit	6898a634d3cdd7df70bb8b112a74bfd98253c1f4 (patch)
tree	b5eae5356fab97bc526d62f6e365990f483cdcf7
parent	c728709316d34735eb27875af0d8df889b145f45 (diff)