authorJeremy Harris <jgh146exb@wizmail.org>2019-08-19 15:50:57 +0100
committerJeremy Harris <jgh146exb@wizmail.org>2019-08-19 15:57:13 +0100
commit89a80675800115043189ea51437b062d88fa51b7 (patch)
tree67e14f834fd68e59f7ab37d01d4fee4464acebe2 /src
parent314db5bae8fbce6bf72f37096dc3a042696e8448 (diff)
taint SNI values supplied by client
Diffstat (limited to 'src')
-rw-r--r--src/src/tls-gnu.c2
-rw-r--r--src/src/tls-openssl.c2
2 files changed, 2 insertions, 2 deletions
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index de44313e8..973b135f6 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -1957,7 +1957,7 @@ if (sni_type != GNUTLS_NAME_DNS)
/* We now have a UTF-8 string in sni_name */
old_pool = store_pool;
store_pool = POOL_PERM;
-state->received_sni = string_copyn(US sni_name, data_len);
+state->received_sni = string_copy_taint(US sni_name, TRUE);
store_pool = old_pool;
/* We set this one now so that variable expansions below will work */
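Review bot: The new `string_copy_taint(US sni_name, TRUE)` call drops the explicit `data_len` bound that `string_copyn` applied, so the copy length now depends on `sni_name` being NUL-terminated inside its buffer. The code that fills `sni_name` is outside this hunk, so that guarantee cannot be confirmed from here, and the value is supplied by the client. I would keep the bound, e.g. `state->received_sni = string_copyn_taint(US sni_name, data_len, TRUE);` if that helper is available in this tree. Otherwise, extend the existing comment to `/* We now have a NUL-terminated UTF-8 string in sni_name */` once the termination has been checked against the call that fills it.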
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index d6867200c..b9798f68b 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1570,7 +1570,7 @@ DEBUG(D_tls) debug_printf("Received TLS SNI \"%s\"%s\n", servername,
/* Make the extension value available for expansion */
store_pool = POOL_PERM;
-tls_in.sni = string_copy(US servername);
+tls_in.sni = string_copy_taint(US servername, TRUE);
store_pool = old_pool;
if (!reexpand_tls_files_for_sni)
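Review bot: The comment `/* Make the extension value available for expansion */` above the changed line no longer tells the reader that the stored value is marked tainted, and the bare `TRUE` argument does not say so either. I would reword it to `/* Make the client-supplied extension value available for expansion, marked tainted */`. The trailing `if (!reexpand_tls_files_for_sni)` suggests the TLS file options are re-expanded with this value later in the function, which continues outside the hunk. If taint checks are enforced on file names there, configurations that build certificate paths directly from the SNI would presumably start failing and need a validated lookup instead, which is worth stating in the commit description or change notes.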