Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog.
Add a reference to the relevant RFC, adapt ChangeLog.
diff --git a/ChangeLog b/ChangeLog
index 1d06476..e70aeee 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -118,6 +118,8 @@
team. #569 CVE-2017-2784
Bugfix
+ * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times.
+ Found by jethrogb, #836.
* Fix output certificate verification flags set by x509_crt_verify_top() when
traversing a chain of trusted CA. The issue would cause both flags,
MBEDTLS_X509_BADCERT_NOT_TRUSTED and MBEDTLS_X509_BADCERT_EXPIRED, to be
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 6084a51..12a98eb 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1590,13 +1590,12 @@
* \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN.
*
* \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on
- * allocation failure, MBEDTLS_ERR_BAD_INPUT_DATA on
+ * allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
* too long input hostname.
*
- * \post Hostname set to the one provided on success (cleared
+ * Hostname set to the one provided on success (cleared
* when NULL). On allocation failure hostname is cleared.
* On too long input failure, old hostname is unchanged.
- *
*/
int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
#endif /* MBEDTLS_X509_CRT_PARSE_C */
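Review bot: Dropping the `\post` tag on the line `Hostname set to the one provided on success (cleared when NULL)` turns the post-condition into free text inside the `\return` paragraph, so the state a caller is left in after a failure is now easy to miss in the generated docs. Since the same text says the hostname is cleared on MBEDTLS_ERR_SSL_ALLOC_FAILED, a caller that ignores the return value continues with no hostname set; that is worth keeping as a tagged note, e.g. `\note Check the return value: on MBEDTLS_ERR_SSL_ALLOC_FAILED the previously set hostname has been cleared.` The ChangeLog entry in this commit records that repeated calls previously leaked, so presumably the function now frees and replaces the earlier hostname; if so, a one-line `\note` saying that a later call replaces the hostname set by an earlier one would document that contract here rather than only in the ChangeLog. The doc comment begins before the hunk.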
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 31eb203..94c521d 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -80,6 +80,13 @@
}
/*
+ * Sect. 3, RFC 6066 (TLS Extensions Definitions)
+ *
+ * In order to provide any of the server names, clients MAY include an
+ * extension of type "server_name" in the (extended) client hello. The
+ * "extension_data" field of this extension SHALL contain
+ * "ServerNameList" where:
+ *
* struct {
* NameType name_type;
* select (name_type) {
@@ -96,6 +103,7 @@
* struct {
* ServerName server_name_list<1..2^16-1>
* } ServerNameList;
+ *
*/
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME ) & 0xFF );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 542ca68..23689d9 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6039,7 +6039,7 @@
return( 0 );
}
-#endif
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,