diff options
| author | Kenny Root <kroot@google.com> | 2013-05-29 12:29:21 -0700 |
|---|---|---|
| committer | Kenny Root <kroot@android.com> | 2013-05-29 19:34:40 +0000 |
| commit | 83c16bcb5eb3e6c0ad18a620912ecdf3a401e6a3 (patch) | |
| tree | d04c8417d9102598bd8af04b933b94a8cea2837f | |
| parent | 5a77ade75d48732b5c46a08223f3538dc899be47 (diff) | |
| download | libcore-83c16bcb5eb3e6c0ad18a620912ecdf3a401e6a3.zip libcore-83c16bcb5eb3e6c0ad18a620912ecdf3a401e6a3.tar.gz libcore-83c16bcb5eb3e6c0ad18a620912ecdf3a401e6a3.tar.bz2 | |
NativeCrypto: check that npnProtocols != NULL
There appears to be a path where an application can not specify which
NPN protocols it supports but can request that it is negotiated. Match
the advertise method by checking that we have NPN methods set before
using them in a call back to OpenSSL.
Bug: 9186885
Change-Id: I1f35d45709f264d6e2f0c7fef316cb6d93db4ed1
| -rw-r--r-- | crypto/src/main/native/org_conscrypt_NativeCrypto.cpp | 33 |
1 files changed, 19 insertions, 14 deletions
diff --git a/crypto/src/main/native/org_conscrypt_NativeCrypto.cpp b/crypto/src/main/native/org_conscrypt_NativeCrypto.cpp index 4f5bef0..cc8a16e 100644 --- a/crypto/src/main/native/org_conscrypt_NativeCrypto.cpp +++ b/crypto/src/main/native/org_conscrypt_NativeCrypto.cpp @@ -6740,20 +6740,25 @@ static int next_proto_select_callback(SSL* ssl, unsigned char **out, unsigned ch AppData* appData = toAppData(ssl); JNI_TRACE("AppData=%p", appData); unsigned char* npnProtocols = reinterpret_cast<unsigned char*>(appData->npnProtocolsData); - size_t npnProtocolsLength = appData->npnProtocolsLength; - JNI_TRACE("npn_protocols=%p, length=%d", npnProtocols, npnProtocolsLength); - - int status = SSL_select_next_proto(out, outlen, in, inlen, npnProtocols, npnProtocolsLength); - switch (status) { - case OPENSSL_NPN_NEGOTIATED: - JNI_TRACE("ssl=%p next_proto_select_callback NPN negotiated", ssl); - break; - case OPENSSL_NPN_UNSUPPORTED: - JNI_TRACE("ssl=%p next_proto_select_callback NPN unsupported", ssl); - break; - case OPENSSL_NPN_NO_OVERLAP: - JNI_TRACE("ssl=%p next_proto_select_callback NPN no overlap", ssl); - break; + if (npnProtocols != NULL) { + size_t npnProtocolsLength = appData->npnProtocolsLength; + JNI_TRACE("npn_protocols=%p, length=%d", npnProtocols, npnProtocolsLength); + + int status = SSL_select_next_proto(out, outlen, in, inlen, npnProtocols, + npnProtocolsLength); + switch (status) { + case OPENSSL_NPN_NEGOTIATED: + JNI_TRACE("ssl=%p next_proto_select_callback NPN negotiated", ssl); + break; + case OPENSSL_NPN_UNSUPPORTED: + JNI_TRACE("ssl=%p next_proto_select_callback NPN unsupported", ssl); + break; + case OPENSSL_NPN_NO_OVERLAP: + JNI_TRACE("ssl=%p next_proto_select_callback NPN no overlap", ssl); + break; + } + } else { + JNI_TRACE("npn_protocols=NULL"); } return SSL_TLSEXT_ERR_OK; } |