commit a8d4a89770f9de24a812a3638c83dde56542d413
from: Omar Polo
date: Fri Jan 29 17:29:14 2021 UTC
don't ignore punycode errors when decoding SNI-provided servname
commit - 4a3ab6092855f7297ed1b29e89e3423fbece4e5b
commit + a8d4a89770f9de24a812a3638c83dde56542d413
blob - 137103ff3985eeaba927c7d38e0c0c205856cb69
blob + 4ee62bc35cd2c1aa99f19bd1b33d2f0738e16965
--- server.c
+++ server.c
@@ -251,6 +251,7 @@ handle_handshake(struct pollfd *fds, struct client *c)
 {
 struct vhost *h;
 const char *servname;
+ const char *parse_err = "unknown error";
 
 switch (tls_handshake(c->ctx)) {
 case 0: /* success */
@@ -268,7 +269,10 @@ handle_handshake(struct pollfd *fds, struct client *c)
 }
 
 servname = tls_conn_servername(c->ctx);
- puny_decode(servname, c->domain, sizeof(c->domain));
+ if (!puny_decode(servname, c->domain, sizeof(c->domain), &parse_err)) {
+ LOGI(c, "%s", parse_err);
+ goto err;
+ }
 
 for (h = hosts; h->domain != NULL; ++h) {
 if (!fnmatch(h->domain, c->domain, 0))
@@ -287,12 +291,13 @@ handle_handshake(struct pollfd *fds, struct client *c)
 return;
 }
 
+err:
 if (servname != NULL)
 strncpy(c->req, servname, sizeof(c->req));
 else
 strncpy(c->req, "null", sizeof(c->req));
 
- start_reply(fds, c, BAD_REQUEST, "Wrong host or missing SNI");
+ start_reply(fds, c, BAD_REQUEST, "Wrong/malformed host or missing SNI");
 }
 
 void
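Review bot: In the hunk at `@@ -268,7 +269,10 @@`, `servname` is passed to `puny_decode` before anything checks it for NULL, even though the error tail of this same function tests `servname != NULL`, so a handshake without SNI is an expected case. The body of `puny_decode` is not part of this diff, so whether it tolerates a NULL input cannot be confirmed from here; if it does not, a client that omits SNI could trigger a NULL dereference instead of receiving the BAD_REQUEST reply. An explicit guard before the call, `if (servname == NULL) goto err;`, would make the missing-SNI case independent of the decoder. handle_handshake starts and ends outside this hunk.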
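Review bot: The new `err:` label in the hunk at `@@ -287,12 +291,13 @@` makes the two `strncpy` calls reachable with a server name that has just failed decoding, and `strncpy` leaves `c->req` without a terminating NUL when the source is at least `sizeof(c->req)` bytes long. The size of `c->req` and any upper bound on the SNI value are not visible here, so this may be unreachable in practice, but a copy that always terminates removes the doubt: `snprintf(c->req, sizeof(c->req), "%s", servname);`. A short comment at the label, such as `/* servname is client-supplied and may be NULL or malformed here */`, would also tell the next reader why the raw name rather than `c->domain` is copied. handle_handshake begins outside this hunk.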