This is an automated email from the ASF dual-hosted git repository. cmcfarlen pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit c7b7183ef7f3c17476f35ec5a4cb7e12c24f8d8a Author: Masakazu Kitajo <[email protected]> AuthorDate: Mon Jul 15 16:24:17 2024 -0600 Check incoming protocol list length first (#11545) If the length is 0, there's no need to do check the other list (cherry picked from commit 34819d12e1a3c838bce60b8911897767150de50e) --- src/iocore/net/ALPNSupport.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/iocore/net/ALPNSupport.cc b/src/iocore/net/ALPNSupport.cc index 20bcd18b42..dbe9eb74c7 100644 --- a/src/iocore/net/ALPNSupport.cc +++ b/src/iocore/net/ALPNSupport.cc @@ -104,7 +104,7 @@ ALPNSupport::select_next_protocol(const unsigned char **out, unsigned char *outl unsigned int npnsize = 0; int retval = SSL_TLSEXT_ERR_ALERT_FATAL; - if (this->getNPN(&npnptr, &npnsize) && npnsize > 0) { + if (inlen > 0 && this->getNPN(&npnptr, &npnsize) && npnsize > 0) { // SSL_select_next_proto chooses the first server-offered protocol that appears in the clients protocol set, ie. the // server selects the protocol. This is a n^2 search, so it's preferable to keep the protocol set short. if (SSL_select_next_proto(const_cast<unsigned char **>(out), outlen, npnptr, npnsize, in, inlen) == OPENSSL_NPN_NEGOTIATED) {
