diff options
author | Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> | 2014-05-21 23:34:55 +0900 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2014-05-23 17:00:07 +0200 |
commit | c7638d93b0a2f24be7342fa9f902dab835dc837b (patch) | |
tree | 54f8b95f4ce4bf5087e864f6145645f9a1aae80c | |
parent | 3b65aeda52e9847fb05049472b16198bd5002ffc (diff) |
openssl: Fix uninitialized variable use in NPN callback
OpenSSL passes out and outlen variable uninitialized to
select_next_proto_cb callback function. If the callback function
returns SSL_TLSEXT_ERR_OK, the caller assumes the callback filled
values in out and outlen and processes as such. Previously, if there
is no overlap in protocol lists, curl code does not fill any values in
these variables and returns SSL_TLSEXT_ERR_OK, which means we are
triggering undefined behavior. valgrind warns this.
This patch fixes this issue by fallback to HTTP/1.1 if there is no
overlap.
-rw-r--r-- | lib/vtls/openssl.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 68c10678a..0e9c8f0bd 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -1440,7 +1440,11 @@ select_next_proto_cb(SSL *ssl, conn->negnpn = NPN_HTTP1_1; } else { - infof(conn->data, "NPN, no overlap, negotiated nothing\n"); + infof(conn->data, "NPN, no overlap, use HTTP1.1\n", + NGHTTP2_PROTO_VERSION_ID); + *out = (unsigned char*)"http/1.1"; + *outlen = sizeof("http/1.1") - 1; + conn->negnpn = NPN_HTTP1_1; } return SSL_TLSEXT_ERR_OK; |