From a2bc88f6dba506f1d3ae5eff5326c0f23176a8c5 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Fri, 14 Nov 2014 23:19:16 +0900
Subject: [PATCH] nghttpx: Check max length of ALPN field

---
 src/shrpx_ssl.cc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/shrpx_ssl.cc b/src/shrpx_ssl.cc
index 9e18217b..03e1c1bd 100644
--- a/src/shrpx_ssl.cc
+++ b/src/shrpx_ssl.cc
@@ -99,6 +99,11 @@ std::vector<unsigned char> set_alpn_prefs(const std::vector<char*>& protos)
     len += 1 + n;
   }
 
+  if(len > (1 << 16) - 1) {
+      LOG(FATAL) << "Too long ALPN identifier list: " << len;
+      DIE();
+  }
+
   auto out = std::vector<unsigned char>(len);
   auto ptr = out.data();