This is an automated email from the ASF dual-hosted git repository.

cmcfarlen pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit c7b7183ef7f3c17476f35ec5a4cb7e12c24f8d8a
Author: Masakazu Kitajo <[email protected]>
AuthorDate: Mon Jul 15 16:24:17 2024 -0600

    Check incoming protocol list length first (#11545)
    
    If the length is 0, there's no need to do check the other list
    
    (cherry picked from commit 34819d12e1a3c838bce60b8911897767150de50e)
---
 src/iocore/net/ALPNSupport.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/iocore/net/ALPNSupport.cc b/src/iocore/net/ALPNSupport.cc
index 20bcd18b42..dbe9eb74c7 100644
--- a/src/iocore/net/ALPNSupport.cc
+++ b/src/iocore/net/ALPNSupport.cc
@@ -104,7 +104,7 @@ ALPNSupport::select_next_protocol(const unsigned char 
**out, unsigned char *outl
   unsigned int         npnsize = 0;
   int                  retval  = SSL_TLSEXT_ERR_ALERT_FATAL;
 
-  if (this->getNPN(&npnptr, &npnsize) && npnsize > 0) {
+  if (inlen > 0 && this->getNPN(&npnptr, &npnsize) && npnsize > 0) {
     // SSL_select_next_proto chooses the first server-offered protocol that 
appears in the clients protocol set, ie. the
     // server selects the protocol. This is a n^2 search, so it's preferable 
to keep the protocol set short.
     if (SSL_select_next_proto(const_cast<unsigned char **>(out), outlen, 
npnptr, npnsize, in, inlen) == OPENSSL_NPN_NEGOTIATED) {

Reply via email to