authorNikos Mavrogiannopoulos <nmav@redhat.com>2016-05-12 11:30:58 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2016-05-12 11:30:58 +0200
commite0fb63e1582f2f92f0935d8f57463d7eef9a59da (patch)
tree8857575ab9100b211f60ae868879e487be329d00
parent938dd1ee7a8c935fda3a40d9aa92af65127d67e0 (diff)
downloadgnutls-e0fb63e1582f2f92f0935d8f57463d7eef9a59da.tar.gz
server_name: only save the supported server names in the session
Server names that contain embedded NUL bytes, and names of unsupported types, are not saved.
-rw-r--r--lib/ext/server_name.c24
1 files changed, 14 insertions, 10 deletions
diff --git a/lib/ext/server_name.c b/lib/ext/server_name.c
index 382698bb62..26c1e22f5e 100644
--- a/lib/ext/server_name.c
+++ b/lib/ext/server_name.c
@@ -64,7 +64,7 @@ static int
_gnutls_server_name_recv_params(gnutls_session_t session,
const uint8_t * data, size_t _data_size)
{
- int i;
+ int i, j;
const unsigned char *p;
uint16_t len, type;
ssize_t data_size = _data_size;
@@ -124,10 +124,8 @@ _gnutls_server_name_recv_params(gnutls_session_t session,
return GNUTLS_E_MEMORY_ERROR;
}
- priv->server_names_size = server_names;
-
p = data + 2;
- for (i = 0; i < server_names; i++) {
+ for (j = i = 0; i < server_names; i++) {
type = *p;
p++;
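Review bot: The loop header `for (j = i = 0; i < server_names; i++)` introduces `j` without saying what it counts, which makes the later `server_names[j]` writes harder to audit. A one-line comment above the loop, such as `/* i walks the entries received, j counts the entries actually stored */`, would state the intent. Since `j` can never exceed `i`, the writes stay inside whatever bound already applies to `i`, and the comment should state that invariant too. The function body starts and ends outside this hunk.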
@@ -136,13 +134,17 @@ _gnutls_server_name_recv_params(gnutls_session_t session,
switch (type) {
case 0: /* NAME_DNS */
- if (len <= MAX_SERVER_NAME_SIZE) {
- memcpy(priv->server_names[i].name,
+ if (len < MAX_SERVER_NAME_SIZE) {
+ memcpy(priv->server_names[j].name,
p, len);
- priv->server_names[i].name_length =
- len;
- priv->server_names[i].type =
- GNUTLS_NAME_DNS;
+ priv->server_names[j].name[len] = 0;
+ priv->server_names[j].name_length =
+ strlen((char*)priv->server_names[j].name);
+ if (priv->server_names[j].name_length == len) {
+ priv->server_names[j].type =
+ GNUTLS_NAME_DNS;
+ j++;
+ }
break;
}
}
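Review bot: A DNS name that fails either new check in the `case 0` branch is dropped without any trace and parsing carries on; the checks are `len < MAX_SERVER_NAME_SIZE` and the `strlen()` result equalling `len`, which fails on an embedded NUL. If every entry is dropped, `server_names_size` ends up 0 further down, so the application presumably sees the session as if no server name had been sent and falls back to its default host. Whether a malformed name should instead abort with an error is worth deciding explicitly. At minimum I would log the rejection, e.g. `_gnutls_handshake_log("HSK[%p]: ignoring invalid server name\n", session);`, and add a comment such as `/* strlen() != len means an embedded NUL; '<' leaves room for the terminator */`. The function body starts and ends outside this hunk.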
@@ -151,6 +153,8 @@ _gnutls_server_name_recv_params(gnutls_session_t session,
p += len;
}
+ priv->server_names_size = j;
+
epriv.ptr = priv;
_gnutls_ext_set_session_data(session,
GNUTLS_EXTENSION_SERVER_NAME,