Fix OpenSSL ALPN array corruption #2235

Merged
merged 2 commits into from Nov 25, 2018

GallaFrancesco commented Nov 22, 2018

The current alpn() method used to retrieve the negotiated ALPN protocol does not return a well-formed string but causes a memory corruption, since the SSL_get0_alpn_selected function expects a NULL pointer. From man SSL_get0_alpn_selected:

void
SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, unsigned int *len);
...
SSL_get0_alpn_selected() returns a pointer to the selected protocol in data with length len.  It is
not NUL-terminated.  data is set to NULL and len is set to 0 if no protocol has been selected.
data must not be freed.

This bug can be reproduced by initializing an OpenSSLStream and calling its alpn() method after a TLS handshake has been completed and alpnCallback has been invoked.

The proposed solution is to use a const(ubyte)* pointer which is initialized to null and returned through a cast(string).

@s-ludwig s-ludwig merged commit 12bd88d into vibe-d:master Nov 25, 2018
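
An added C example, not part of the pull request or of vibe.d's code, showing the calling pattern the quoted man page implies: start from a null pointer, let the library set it, and copy exactly `len` bytes because the result is not NUL-terminated. `fake_ssl`, `fake_get0_alpn_selected` and `alpn_to_cstring` are hypothetical names; the stand-in follows the documented contract of `SSL_get0_alpn_selected()` so the block builds without libssl.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: ALPN list in wire format (length-prefixed names). */
static const unsigned char SAMPLE_WIRE[] = "\x02h2\x08http/1.1";

/* Hypothetical stand-in for an SSL handle after the handshake. */
struct fake_ssl { const unsigned char *alpn; unsigned int alpn_len; };

/* Same out-parameter contract as the man page excerpt: *data points at
 * library-owned bytes that are not NUL-terminated, or NULL with *len = 0. */
static void fake_get0_alpn_selected(const struct fake_ssl *ssl,
                                    const unsigned char **data,
                                    unsigned int *len)
{
    *data = ssl->alpn;
    *len = ssl->alpn ? ssl->alpn_len : 0;
}

/* Copy the negotiated protocol into out as a C string.
 * Returns its length, 0 if nothing was negotiated, -1 if out is too small. */
static int alpn_to_cstring(const struct fake_ssl *ssl, char *out, size_t outsz)
{
    const unsigned char *data = NULL;   /* the library fills this in */
    unsigned int len = 0;

    if (out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';
    fake_get0_alpn_selected(ssl, &data, &len);
    if (data == NULL || len == 0)
        return 0;
    if (len >= outsz)                   /* leave room for the terminator */
        return -1;
    memcpy(out, data, len);             /* use len, never strlen(data) */
    out[len] = '\0';
    return (int)len;
}

int main(void)
{
    struct fake_ssl s = { SAMPLE_WIRE + 1, 2 };  /* "h2" inside the list */
    char buf[16];
    int n = alpn_to_cstring(&s, buf, sizeof buf);
    printf("%d %s\n", n, buf);
    return 0;
}
```

In the sample the selected name is followed directly by the next list entry, which is why treating `data` as a C string would read past the two negotiated bytes.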

1 of 2 checks passed

continuous-integration/travis-ci/pr The Travis CI build failed
continuous-integration/appveyor/pr AppVeyor build succeeded