Dig: carefully check if the server name for SNI is a hostname

Previously the code would not check if the string intended to be used
for SNI is a hostname.

diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index d92c30a3f93cb87e07021a613d405b18b502cee6..334ad2be8d7f1c337b634db35c0f08d62e094be0 100644 (file)
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -2780,8 +2780,19 @@ _cancel_lookup(dig_lookup_t *lookup, const char *file, unsigned int line) {
 
 static inline const char *
 get_tls_sni_hostname(dig_query_t *query) {
-       return query->lookup->tls_hostname_set ? query->lookup->tls_hostname
-                                              : query->userarg;
+       const char *hostname = query->lookup->tls_hostname_set
+                                      ? query->lookup->tls_hostname
+                                      : query->userarg;
+
+       if (query->lookup->tls_hostname_set) {
+               return query->lookup->tls_hostname;
+       }
+
+       if (isc_tls_valid_sni_hostname(hostname)) {
+               return hostname;
+       }
+
+       return NULL;
 }
 
 static isc_tlsctx_t *