Index: ssl/t1_lib.c =================================================================== RCS file: /v/openssl/cvs/openssl/ssl/t1_lib.c,v retrieving revision 1.13.2.27 diff -u -r1.13.2.27 t1_lib.c --- openssl/ssl/t1_lib.c 12 Jun 2010 13:18:58 -0000 1.13.2.27 +++ openssl/ssl/t1_lib.c 3 Nov 2010 23:44:54 -0000 @@ -432,14 +432,23 @@ switch (servname_type) { case TLSEXT_NAMETYPE_host_name: - if (s->session->tlsext_hostname == NULL) + if (!s->hit) { - if (len > TLSEXT_MAXLEN_host_name || - ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)) + if(s->session->tlsext_hostname) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + if (len > TLSEXT_MAXLEN_host_name) { *al = TLS1_AD_UNRECOGNIZED_NAME; return 0; } + if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL) + { + *al = TLS1_AD_INTERNAL_ERROR; + return 0; + } memcpy(s->session->tlsext_hostname, sdata, len); s->session->tlsext_hostname[len]='\0'; if (strlen(s->session->tlsext_hostname) != len) { @@ -452,7 +461,8 @@ } else - s->servername_done = strlen(s->session->tlsext_hostname) == len + s->servername_done = s->session->tlsext_hostname + && strlen(s->session->tlsext_hostname) == len && strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0; break;