CVSROOT: /cvs Module name: src Changes by: [email protected] 2022/01/24 06:49:50
Modified files:
lib/libssl : ssl_tlsext.c
Log message:
Avoid use of uninitialized in tlsext_sni_server_parse()
If the hostname is too long, tlsext_sni_is_valid_hostname() will fail
without having initialized *is_ip. As a result, the garbage value could
lead to accepting (but otherwise ignoring) overlong and possibly invalid
hostnames without erroring in tlsext_sni_server_parse().
ok inoguchi jsing
