From 89a80675800115043189ea51437b062d88fa51b7 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Mon, 19 Aug 2019 15:50:57 +0100 Subject: [PATCH] taint SNI values supplied by client --- src/src/tls-gnu.c | 2 +- src/src/tls-openssl.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index de44313e8..973b135f6 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -1957,7 +1957,7 @@ if (sni_type != GNUTLS_NAME_DNS) /* We now have a UTF-8 string in sni_name */ old_pool = store_pool; store_pool = POOL_PERM; -state->received_sni = string_copyn(US sni_name, data_len); +state->received_sni = string_copy_taint(US sni_name, TRUE); store_pool = old_pool; /* We set this one now so that variable expansions below will work */ diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index d6867200c..b9798f68b 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -1570,7 +1570,7 @@ DEBUG(D_tls) debug_printf("Received TLS SNI \"%s\"%s\n", servername, /* Make the extension value available for expansion */ store_pool = POOL_PERM; -tls_in.sni = string_copy(US servername); +tls_in.sni = string_copy_taint(US servername, TRUE); store_pool = old_pool; if (!reexpand_tls_files_for_sni) -- 2.25.1