Avoid buffer overflow if one protocol string is too long, but at least

one is not.

Also add log messages numbers and avoid useless string dup.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1345599 13f79535-47bb-0310-9956-ffa450edef68

docs/log-message-tags/next-number

@@ -1 +1 @@
-2306
+2308

modules/ssl/ssl_engine_io.c

@@ -1388,9 +1388,8 @@ static apr_status_t ssl_io_filter_input(ap_filter_t *f,
         SSL_get0_next_proto_negotiated(
             inctx->ssl, &next_proto, &next_proto_len);
         ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, f->c,
-                      "SSL NPN negotiated protocol: '%s'",
-                      apr_pstrmemdup(f->c->pool, (const char*)next_proto,
-                                     next_proto_len));
+                      APLOGNO(02306) "SSL NPN negotiated protocol: '%*s'",
+                      next_proto_len, (const char*)next_proto);
         modssl_run_npn_proto_negotiated_hook(
             f->c, (const char*)next_proto, next_proto_len);
         inctx->npn_finished = 1;

modules/ssl/ssl_engine_kernel.c

@@ -2189,7 +2189,7 @@ int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data_out,
         /* If the protocol name is too long (the length must fit in one byte),
          * then log an error and skip it. */
         if (length > 255) {
-            ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
+            ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02307)
                           "SSL NPN protocol name too long (length=%u): %s",
                           length, string);
             continue;
@@ -2213,6 +2213,8 @@ int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data_out,
     for (i = 0; i < num_protos; ++i) {
         const char *string = APR_ARRAY_IDX(protos, i, const char*);
         apr_size_t length = strlen(string);
+        if (length > 255)
+            continue;
         *start = (unsigned char)length;
         ++start;
         memcpy(start, string, length * sizeof(unsigned char));