summaryrefslogtreecommitdiffstats
path: root/src/network/ssl/qsslsocket_mac.cpp
diff options
context:
space:
mode:
authorMårten Nordheim <marten.nordheim@qt.io>2019-08-14 14:20:03 +0200
committerMårten Nordheim <marten.nordheim@qt.io>2019-08-16 15:49:43 +0000
commitec940f898b42f16bb0727f807b72488fad6d6d12 (patch)
tree739763b7089216ffdd17f69d190ae83e0a9012ce /src/network/ssl/qsslsocket_mac.cpp
parent12d37e70a71cf4c6b802cb95f2e85351b2648692 (diff)
SSL: ALPN: Don't include empty, too long or truncated names
As is said in RFC7301 in section 3.1 [1]: Protocols are named by IANA-registered, opaque, non-empty byte strings [...]. Empty strings MUST NOT be included and byte strings MUST NOT be truncated. [1]: https://tools.ietf.org/html/rfc7301#section-3.1 Change-Id: I2c41fa99984a53cc58803e5a264d06edac964cc6 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Diffstat (limited to 'src/network/ssl/qsslsocket_mac.cpp')
-rw-r--r--src/network/ssl/qsslsocket_mac.cpp7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/network/ssl/qsslsocket_mac.cpp b/src/network/ssl/qsslsocket_mac.cpp
index 7c5f4310f8..e6b71b293e 100644
--- a/src/network/ssl/qsslsocket_mac.cpp
+++ b/src/network/ssl/qsslsocket_mac.cpp
@@ -928,6 +928,13 @@ bool QSslSocketBackendPrivate::initSslContext()
QCFType<CFMutableArrayRef> cfNames(CFArrayCreateMutable(nullptr, 0, &kCFTypeArrayCallBacks));
if (cfNames) {
for (const QByteArray &name : protocolNames) {
+ if (name.size() > 255) {
+ qCWarning(lcSsl) << "TLS ALPN extension" << name
+ << "is too long and will be ignored.";
+ continue;
+ } else if (name.isEmpty()) {
+ continue;
+ }
QCFString cfName(QString::fromLatin1(name).toCFString());
CFArrayAppendValue(cfNames, cfName);
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-06 16:49:26 +0000