From 8ece78238cddee03b0f4c167fa3be8242d3e78d8 Mon Sep 17 00:00:00 2001
From: Anthony Ramine <123095+nox@users.noreply.github.com>
Date: Fri, 2 Aug 2024 09:26:03 +0200
Subject: [PATCH] Guard against empty strings given to select_next_proto (#252)

---
 boring/src/ssl/mod.rs      | 5 +++++
 boring/src/ssl/test/mod.rs | 7 +++++++
 2 files changed, 12 insertions(+)

diff --git a/boring/src/ssl/mod.rs b/boring/src/ssl/mod.rs
index a79cf656..bce58f43 100644
--- a/boring/src/ssl/mod.rs
+++ b/boring/src/ssl/mod.rs
@@ -815,6 +815,10 @@ impl CompliancePolicy {
 /// [`SslContextBuilder::set_alpn_protos`]: struct.SslContextBuilder.html#method.set_alpn_protos
 /// [`SSL_select_next_proto`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_alpn_protos.html
 pub fn select_next_proto<'a>(server: &[u8], client: &'a [u8]) -> Option<&'a [u8]> {
+    if server.is_empty() || client.is_empty() {
+        return None;
+    }
+
     unsafe {
         let mut out = ptr::null_mut();
         let mut outlen = 0;
@@ -826,6 +830,7 @@ pub fn select_next_proto<'a>(server: &[u8], client: &'a [u8]) -> Option<&'a [u8]
             client.as_ptr(),
             client.len() as c_uint,
         );
+
         if r == ffi::OPENSSL_NPN_NEGOTIATED {
             Some(slice::from_raw_parts(out as *const u8, outlen as usize))
         } else {
diff --git a/boring/src/ssl/test/mod.rs b/boring/src/ssl/test/mod.rs
index 9b6c6434..91236b54 100644
--- a/boring/src/ssl/test/mod.rs
+++ b/boring/src/ssl/test/mod.rs
@@ -275,6 +275,13 @@ fn test_alpn_server_select_none() {
     assert_eq!(None, s.ssl().selected_alpn_protocol());
 }
 
+#[test]
+fn test_empty_alpn() {
+    assert_eq!(ssl::select_next_proto(b"", b""), None);
+    assert_eq!(ssl::select_next_proto(b"", b"\x08http/1.1"), None);
+    assert_eq!(ssl::select_next_proto(b"\x08http/1.1", b""), None);
+}
+
 #[test]
 fn test_alpn_server_unilateral() {
     let server = Server::builder().build();