BUG/MINOR: ssl-hello: make use of the null-terminated servername

In ssl_sock_switchctx_cbk(), the servername is copied into the trash
and null-terminated, but later in the call to strncpy() it's still used
as-is, so anything that follows it will be copied as well, which is not
really expected. Let's make the servername point to the trash after
sanitizing it, like ssl_sock_switchcbk_wolfSSL_cbk() does.

This can be backported to 2.6 since it was introduced with commit
a996763619 ("BUG/MINOR: ssl: Store client SNI in SSL context in case
of ClientHello error").

diff --git a/src/ssl_clienthello.c b/src/ssl_clienthello.c
index 7d769611b8b0c5b64d8ac94b69c9d39a7fa41f0b..3148de24d700637eeee4d10802d9ce70da2abcc1 100644 (file)
--- a/src/ssl_clienthello.c
+++ b/src/ssl_clienthello.c
@@ -448,6 +448,7 @@ sni_lookup:
        for (i = 0; i < trash.size && i < servername_len; i++)
                trash.area[i] = tolower((unsigned char)servername[i]);
        trash.area[i] = 0;
+       servername = trash.area;
 
        HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
        sni_ctx = ssl_sock_choose_sni_ctx(s, conn, trash.area, has_rsa_sig, has_ecdsa_sig);