1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Schannel: ALPN: Don't include empty, too long or truncated names

Browse Source 
As is said in RFC7301 in section 3.1 [1]:

Protocols are named by IANA-registered, opaque, non-empty byte strings
[...]. Empty strings MUST NOT be included and byte strings MUST NOT be
truncated.

[1]: https://tools.ietf.org/html/rfc7301#section-3.1

Change-Id: I38168ac570a433807e16121d5dec46d4ac73c4bf
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
This commit is contained in:
Mårten Nordheim 2019-08-14 15:01:57 +02:00
parent 66a1975200
commit c7b1cbdea9
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/network/ssl/qsslsocket_schannel.cpp
View File

@ -408,13 +408,17 @@ QByteArray createAlpnString(const QByteArrayList &nextAllowedProtocols)
for (QByteArray proto : nextAllowedProtocols) { for (QByteArray proto : nextAllowedProtocols) {
if (proto.size() > 255) { if (proto.size() > 255) {
qCWarning(lcSsl) << "TLS ALPN extension" << proto qCWarning(lcSsl) << "TLS ALPN extension" << proto
<< "is too long and will be truncated to 255 characters."; << "is too long and will be ignored.";
proto = proto.left(255); continue;
} else if (proto.isEmpty()) {
continue;
} }
protocolString += char(proto.length()) + proto; protocolString += char(proto.length()) + proto;
} }
return protocolString; return protocolString;
}(); }();
if (names.isEmpty())
return alpnString;
const quint16 namesSize = names.size(); const quint16 namesSize = names.size();
const quint32 alpnId = SecApplicationProtocolNegotiationExt_ALPN; const quint32 alpnId = SecApplicationProtocolNegotiationExt_ALPN;