From e52d22d5f9dc439658746d25cb69702749ec3f67 Mon Sep 17 00:00:00 2001
From: Steven Valdez <svaldez@chromium.org>
Date: Wed, 24 Feb 2016 10:44:54 -0500
Subject: [PATCH] Empty SNI names are not valid

(Imported from upstream's 4d6fe78f65be650c84e14777c90e7a088f7a44ce)

Change-Id: Id28e0d49da2490e454dcb8603ccb93a506dfafaf
Reviewed-on: https://boringssl-review.googlesource.com/7206
Reviewed-by: David Benjamin <davidben@google.com>
---
 ssl/s3_lib.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index b036b641..bbc2b21f 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -359,7 +359,9 @@ int SSL_set_tlsext_host_name(SSL *ssl, const char *name) {
   if (name == NULL) {
     return 1;
   }
-  if (strlen(name) > TLSEXT_MAXLEN_host_name) {
+
+  size_t len = strlen(name);
+  if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
     return 0;
   }