Schannel: ALPN: Don't include empty, too long or truncated names

As is said in RFC7301 in section 3.1 [1]: Protocols are named by IANA-registered, opaque, non-empty byte strings [...]. Empty strings MUST NOT be included and byte strings MUST NOT be truncated. [1]: https://tools.ietf.org/html/rfc7301#section-3.1 Change-Id: I38168ac570a433807e16121d5dec46d4ac73c4bf Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io> Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2019-08-14 15:01:57 +02:00 · 2019-08-14 15:01:57 +02:00 · c7b1cbdea9
commit c7b1cbdea9
parent 66a1975200
1 changed files with 6 additions and 2 deletions
--- a/src/network/ssl/qsslsocket_schannel.cpp
+++ b/src/network/ssl/qsslsocket_schannel.cpp
@ -408,13 +408,17 @@ QByteArray createAlpnString(const QByteArrayList &nextAllowedProtocols)
            for (QByteArray proto : nextAllowedProtocols) {
                if (proto.size() > 255) {
                    qCWarning(lcSsl) << "TLS ALPN extension" << proto
-                                     << "is too long and will be truncated to 255 characters.";
-                    proto = proto.left(255);
+                                     << "is too long and will be ignored.";
+                    continue;
+                } else if (proto.isEmpty()) {
+                    continue;
                }
                protocolString += char(proto.length()) + proto;
            }
            return protocolString;
        }();
+        if (names.isEmpty())
+            return alpnString;

        const quint16 namesSize = names.size();
        const quint32 alpnId = SecApplicationProtocolNegotiationExt_ALPN;