diff options
author | Mårten Nordheim <marten.nordheim@qt.io> | 2019-08-14 14:20:03 +0200 |
---|---|---|
committer | Mårten Nordheim <marten.nordheim@qt.io> | 2019-08-16 15:49:43 +0000 |
commit | ec940f898b42f16bb0727f807b72488fad6d6d12 (patch) | |
tree | 739763b7089216ffdd17f69d190ae83e0a9012ce /src/network/ssl/qsslsocket_mac.cpp | |
parent | 12d37e70a71cf4c6b802cb95f2e85351b2648692 (diff) |
SSL: ALPN: Don't include empty, too long or truncated names
As is said in RFC7301 in section 3.1 [1]:
Protocols are named by IANA-registered, opaque, non-empty byte strings
[...]. Empty strings MUST NOT be included and byte strings MUST NOT be
truncated.
[1]: https://tools.ietf.org/html/rfc7301#section-3.1
Change-Id: I2c41fa99984a53cc58803e5a264d06edac964cc6
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Diffstat (limited to 'src/network/ssl/qsslsocket_mac.cpp')
-rw-r--r-- | src/network/ssl/qsslsocket_mac.cpp | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/network/ssl/qsslsocket_mac.cpp b/src/network/ssl/qsslsocket_mac.cpp index 7c5f4310f8..e6b71b293e 100644 --- a/src/network/ssl/qsslsocket_mac.cpp +++ b/src/network/ssl/qsslsocket_mac.cpp @@ -928,6 +928,13 @@ bool QSslSocketBackendPrivate::initSslContext() QCFType<CFMutableArrayRef> cfNames(CFArrayCreateMutable(nullptr, 0, &kCFTypeArrayCallBacks)); if (cfNames) { for (const QByteArray &name : protocolNames) { + if (name.size() > 255) { + qCWarning(lcSsl) << "TLS ALPN extension" << name + << "is too long and will be ignored."; + continue; + } else if (name.isEmpty()) { + continue; + } QCFString cfName(QString::fromLatin1(name).toCFString()); CFArrayAppendValue(cfNames, cfName); } |