From: Stefan Eissing Date: Thu, 25 Sep 2025 09:15:15 +0000 (+0200) Subject: vtls: alpn setting, check proto parameter X-Git-Tag: rc-8_17_0-2~358 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cbc30d4ed2720a18ccf86a24eb3659a9cff74a1b;p=thirdparty%2Fcurl.git vtls: alpn setting, check proto parameter When setting the negotiated alpn protocol, either the length must be 0 or a pointer must be passed. Reported in Joshua's sarif data Closes #18717 --- diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c index bfec585ce2..9872e4c24d 100644 --- a/lib/vtls/vtls.c +++ b/lib/vtls/vtls.c @@ -1993,6 +1993,11 @@ CURLcode Curl_alpn_set_negotiated(struct Curl_cfilter *cf, result = CURLE_SSL_CONNECT_ERROR; goto out; } + else if(!proto) { + DEBUGASSERT(0); /* with length, we need a pointer */ + result = CURLE_SSL_CONNECT_ERROR; + goto out; + } else if((strlen(connssl->negotiated.alpn) != proto_len) || memcmp(connssl->negotiated.alpn, proto, proto_len)) { failf(data, "ALPN: asked for '%s' from previous session, but server "
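Review bot: the new `else if(!proto)` branch in Curl_alpn_set_negotiated() fails with CURLE_SSL_CONNECT_ERROR but, unlike the branch right after it, calls no failf(), so in a build where DEBUGASSERT() compiles to nothing the connection fails without any message saying that a NULL proto was passed. Consider adding a failf(data, ...) line ahead of `result = CURLE_SSL_CONNECT_ERROR;` so the condition is diagnosable outside debug builds. The comment "with length, we need a pointer" also relies on an earlier branch of this chain having already handled the zero-length case, since the new check tests only proto. That branch is only partly visible in the context lines, so it is worth confirming the ordering holds, and stating it in the comment would protect the memcmp(connssl->negotiated.alpn, proto, proto_len) call that follows against a later reordering.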