author | Stefan Fritsch <sf@apache.org> | 2012-06-03 00:28:26 +0200 |
---|---|---|
committer | Stefan Fritsch <sf@apache.org> | 2012-06-03 00:28:26 +0200 |
commit | 41cd334ad682676f9c1ff45518703b633e5b64e1 (patch) | |
tree | e15b9af141fccedf33fc6923fee61f87da46689a /modules/ssl/ssl_engine_kernel.c | |
parent | remove obsolete comment (PROXY_MAGIC_TYPE is not used anywhere anymore) (diff) | |
Avoid buffer overflow if one protocol string is too long, but at least
one is not.
Also add log message numbers and avoid a useless string dup.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1345599 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to '')
-rw-r--r-- | modules/ssl/ssl_engine_kernel.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index cc25a6a0a0..bc9e26b92f 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -2189,7 +2189,7 @@ int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data_out,
 /* If the protocol name is too long (the length must fit in one byte),
 * then log an error and skip it. */
 if (length > 255) {
- ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02307)
 "SSL NPN protocol name too long (length=%u): %s",
 length, string);
 continue;
@@ -2213,6 +2213,8 @@ int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data_out,
 for (i = 0; i < num_protos; ++i) {
 const char *string = APR_ARRAY_IDX(protos, i, const char*);
 apr_size_t length = strlen(string);
+ if (length > 255)
+ continue;
 *start = (unsigned char)length;
 ++start;
 memcpy(start, string, length * sizeof(unsigned char)); |
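Review bot: The format string in the changed `ap_log_cerror` call prints `length` with `%u`; if `length` in this loop is an `apr_size_t`, as it is in the second loop of this function, the specifier does not match the argument width on LP64 platforms. Consider `"SSL NPN protocol name too long (length=%" APR_SIZE_T_FMT "): %s",` instead. The declaration of `length` for this loop is outside the hunk, so this should be confirmed against the full function.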
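Review bot: The new `if (length > 255) continue;` in the copy loop has to stay identical to the skip condition of the earlier loop that logs and skips over-long names, and nothing in the code says so. If the two ever diverge, `memcpy` can again write past a buffer that was presumably sized without the skipped names, which is the overflow this commit fixes. I would add a comment such as `/* Must match the skip condition used when the buffer size was computed above. */` and replace both literal `255`s with one named constant, so the limit implied by the `(unsigned char)length` cast is defined in one place. Bracing the `if` body would also guard against a later edit detaching the `continue`. The allocation and the sizing logic are outside the hunk.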