From a8d4a89770f9de24a812a3638c83dde56542d413 Mon Sep 17 00:00:00 2001
From: Omar Polo <op@omarpolo.com>
Date: Fri, 29 Jan 2021 17:29:14 +0000
Subject: [PATCH] don't ignore punycode errors when decoding SNI-provided
 servname

---
 server.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/server.c b/server.c
index 137103f..4ee62bc 100644
--- a/server.c
+++ b/server.c
@@ -251,6 +251,7 @@ handle_handshake(struct pollfd *fds, struct client *c)
 {
 	struct vhost *h;
 	const char *servname;
+	const char *parse_err = "unknown error";
 
 	switch (tls_handshake(c->ctx)) {
 	case 0:  /* success */
@@ -268,7 +269,10 @@ handle_handshake(struct pollfd *fds, struct client *c)
 	}
 
 	servname = tls_conn_servername(c->ctx);
-	puny_decode(servname, c->domain, sizeof(c->domain));
+	if (!puny_decode(servname, c->domain, sizeof(c->domain), &parse_err)) {
+		LOGI(c, "%s", parse_err);
+		goto err;
+	}
 
 	for (h = hosts; h->domain != NULL; ++h) {
 		if (!fnmatch(h->domain, c->domain, 0))
@@ -287,12 +291,13 @@ handle_handshake(struct pollfd *fds, struct client *c)
 		return;
 	}
 
+err:
 	if (servname != NULL)
 		strncpy(c->req, servname, sizeof(c->req));
 	else
 		strncpy(c->req, "null", sizeof(c->req));
 
-	start_reply(fds, c, BAD_REQUEST, "Wrong host or missing SNI");
+	start_reply(fds, c, BAD_REQUEST, "Wrong/malformed host or missing SNI");
 }
 
 void