openssl: Fix uninitialized variable use in NPN callback

OpenSSL passes out and outlen variable uninitialized to select_next_proto_cb callback function. If the callback function returns SSL_TLSEXT_ERR_OK, the caller assumes the callback filled values in out and outlen and processes as such. Previously, if there is no overlap in protocol lists, curl code does not fill any values in these variables and returns SSL_TLSEXT_ERR_OK, which means we are triggering undefined behavior. valgrind warns this. This patch fixes this issue by fallback to HTTP/1.1 if there is no overlap.
author: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> 2014-05-21 23:34:55 +0900
committer: Daniel Stenberg <daniel@haxx.se> 2014-05-23 17:00:07 +0200
commit: c7638d93b0a2f24be7342fa9f902dab835dc837b (patch)
tree: 54f8b95f4ce4bf5087e864f6145645f9a1aae80c /lib
parent: 3b65aeda52e9847fb05049472b16198bd5002ffc (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 68c10678a..0e9c8f0bd 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1440,7 +1440,11 @@ select_next_proto_cb(SSL *ssl,
     conn->negnpn = NPN_HTTP1_1;
   }
   else {
-    infof(conn->data, "NPN, no overlap, negotiated nothing\n");
+    infof(conn->data, "NPN, no overlap, use HTTP1.1\n",
+          NGHTTP2_PROTO_VERSION_ID);
+    *out = (unsigned char*)"http/1.1";
+    *outlen = sizeof("http/1.1") - 1;
+    conn->negnpn = NPN_HTTP1_1;
   }
 
   return SSL_TLSEXT_ERR_OK;
author	Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>	2014-05-21 23:34:55 +0900
committer	Daniel Stenberg <daniel@haxx.se>	2014-05-23 17:00:07 +0200
commit	c7638d93b0a2f24be7342fa9f902dab835dc837b (patch)
tree	54f8b95f4ce4bf5087e864f6145645f9a1aae80c /lib
parent	3b65aeda52e9847fb05049472b16198bd5002ffc (diff)