diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 20d9c74f2..6dfa9f47a 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1069,8 +1069,7 @@ struct mbedtls_ssl_context /* * SNI extension */ - unsigned char *hostname; - size_t hostname_len; + char *hostname; #endif #if defined(MBEDTLS_SSL_ALPN) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index bbc88381a..a6e020217 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -65,6 +65,7 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl, size_t *olen ) { unsigned char *p = buf; + size_t hostname_len; *olen = 0; @@ -74,6 +75,8 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding server name extension: %s", ssl->hostname ) ); + hostname_len = strlen( ssl->hostname ); + /* * struct { * NameType name_type; @@ -95,19 +98,19 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl, *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME ) & 0xFF ); - *p++ = (unsigned char)( ( (ssl->hostname_len + 5) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( (ssl->hostname_len + 5) ) & 0xFF ); + *p++ = (unsigned char)( ( (hostname_len + 5) >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( (hostname_len + 5) ) & 0xFF ); - *p++ = (unsigned char)( ( (ssl->hostname_len + 3) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( (ssl->hostname_len + 3) ) & 0xFF ); + *p++ = (unsigned char)( ( (hostname_len + 3) >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( (hostname_len + 3) ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->hostname_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->hostname_len ) & 0xFF ); + *p++ = (unsigned char)( ( hostname_len >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( hostname_len ) & 0xFF ); - memcpy( p, ssl->hostname, ssl->hostname_len ); + memcpy( p, ssl->hostname, hostname_len ); - *olen = ssl->hostname_len + 9; + *olen = hostname_len + 9; } #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 276a0dafc..d417065d8 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5453,23 +5453,24 @@ void mbedtls_ssl_set_curves( mbedtls_ssl_config *conf, #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ) { + size_t hostname_len; + if( hostname == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - ssl->hostname_len = strlen( hostname ); + hostname_len = strlen( hostname ); - if( ssl->hostname_len + 1 == 0 ) + if( hostname_len + 1 == 0 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - ssl->hostname = mbedtls_malloc( ssl->hostname_len + 1 ); + ssl->hostname = mbedtls_malloc( hostname_len + 1 ); if( ssl->hostname == NULL ) return( MBEDTLS_ERR_SSL_MALLOC_FAILED ); - memcpy( ssl->hostname, (const unsigned char *) hostname, - ssl->hostname_len ); + memcpy( ssl->hostname, hostname, hostname_len ); - ssl->hostname[ssl->hostname_len] = '\0'; + ssl->hostname[hostname_len] = '\0'; return( 0 ); } @@ -6562,9 +6563,8 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) if( ssl->hostname != NULL ) { - mbedtls_zeroize( ssl->hostname, ssl->hostname_len ); + mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) ); mbedtls_free( ssl->hostname ); - ssl->hostname_len = 0; } #endif