taint SNI values supplied by client

author Jeremy Harris <jgh146exb@wizmail.org>

Mon, 19 Aug 2019 14:50:57 +0000 (15:50 +0100)

committer Jeremy Harris <jgh146exb@wizmail.org>

Mon, 19 Aug 2019 14:57:13 +0000 (15:57 +0100)
author Jeremy Harris <jgh146exb@wizmail.org>
Mon, 19 Aug 2019 14:50:57 +0000 (15:50 +0100)
committer Jeremy Harris <jgh146exb@wizmail.org>
Mon, 19 Aug 2019 14:57:13 +0000 (15:57 +0100)
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c

index de44313e80b01d9fa4885da38a501e9bf4165245..973b135f6075fbbe8a56c44717ebde55a9a5bf9d 100644 (file)
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -1957,7 +1957,7 @@ if (sni_type != GNUTLS_NAME_DNS)
  /* We now have a UTF-8 string in sni_name */
  old_pool = store_pool;
  store_pool = POOL_PERM;
-state->received_sni = string_copyn(US sni_name, data_len);
+state->received_sni = string_copy_taint(US sni_name, TRUE);
  store_pool = old_pool;
  
  /* We set this one now so that variable expansions below will work */
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c

index d6867200c9e6cdd2810b364186c329cdbb4a1895..b9798f68b3f6e7a840d6d4e772d8e7c324b59d58 100644 (file)
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1570,7 +1570,7 @@ DEBUG(D_tls) debug_printf("Received TLS SNI \"%s\"%s\n", servername,
  
  /* Make the extension value available for expansion */
  store_pool = POOL_PERM;
-tls_in.sni = string_copy(US servername);
+tls_in.sni = string_copy_taint(US servername, TRUE);
  store_pool = old_pool;
  
  if (!reexpand_tls_files_for_sni)
author	Jeremy Harris <jgh146exb@wizmail.org>
	Mon, 19 Aug 2019 14:50:57 +0000 (15:50 +0100)
committer	Jeremy Harris <jgh146exb@wizmail.org>
	Mon, 19 Aug 2019 14:57:13 +0000 (15:57 +0100)
src/src/tls-gnu.c		patch \| blob \| blame \| history
src/src/tls-openssl.c		patch \| blob \| blame \| history