diff --git a/ChangeLog b/ChangeLog index 1d06476d7..e70aeee2f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -118,6 +118,8 @@ Security team. #569 CVE-2017-2784 Bugfix + * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. + Found by jethrogb, #836. * Fix output certificate verification flags set by x509_crt_verify_top() when traversing a chain of trusted CA. The issue would cause both flags, MBEDTLS_X509_BADCERT_NOT_TRUSTED and MBEDTLS_X509_BADCERT_EXPIRED, to be diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 6084a5160..12a98eb6d 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1590,13 +1590,12 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, * \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN. * * \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on - * allocation failure, MBEDTLS_ERR_BAD_INPUT_DATA on + * allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on * too long input hostname. * - * \post Hostname set to the one provided on success (cleared + * Hostname set to the one provided on success (cleared * when NULL). On allocation failure hostname is cleared. * On too long input failure, old hostname is unchanged. - * */ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ); #endif /* MBEDTLS_X509_CRT_PARSE_C */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 31eb203d8..94c521dd9 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -80,6 +80,13 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl, } /* + * Sect. 3, RFC 6066 (TLS Extensions Definitions) + * + * In order to provide any of the server names, clients MAY include an + * extension of type "server_name" in the (extended) client hello. The + * "extension_data" field of this extension SHALL contain + * "ServerNameList" where: + * * struct { * NameType name_type; * select (name_type) { @@ -96,6 +103,7 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl, * struct { * ServerName server_name_list<1..2^16-1> * } ServerNameList; + * */ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME ) & 0xFF ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 542ca68f2..23689d995 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6039,7 +6039,7 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ) return( 0 ); } -#endif +#endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,