Validate protocols in SSL{_CTX,}_set_alpn_protos()

This wonderful API requires users to pass the protocol list in wire
format. This list is then sent as part of the ClientHello. Validate
it to be of the correct form. This reuses tlsext_alpn_check_format()
that was split out of tlsext_alpn_server_parse().

Similar checks were introduced in OpenSSL 86a90dc7

ok jsing

diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 08f2f74..c6a01fa 100644 (file)
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.297 2022/07/20 13:57:49 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.298 2022/07/20 14:08:49 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -162,6 +162,7 @@
 #include "dtls_locl.h"
 #include "ssl_locl.h"
 #include "ssl_sigalgs.h"
+#include "ssl_tlsext.h"
 
 const char *SSL_version_str = OPENSSL_VERSION_TEXT;
 
@@ -1771,6 +1772,11 @@ SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
 
        CBS_init(&cbs, protos, protos_len);
 
+       if (protos_len > 0) {
+               if (!tlsext_alpn_check_format(&cbs))
+                       goto err;
+       }
+
        if (!CBS_stow(&cbs, &ctx->internal->alpn_client_proto_list,
            &ctx->internal->alpn_client_proto_list_len))
                goto err;
@@ -1799,6 +1805,11 @@ SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
 
        CBS_init(&cbs, protos, protos_len);
 
+       if (protos_len > 0) {
+               if (!tlsext_alpn_check_format(&cbs))
+                       goto err;
+       }
+
        if (!CBS_stow(&cbs, &ssl->internal->alpn_client_proto_list,
            &ssl->internal->alpn_client_proto_list_len))
                goto err;