From 11646b3240b90d1f5822197ecf86e74ef1518935 Mon Sep 17 00:00:00 2001
From: Chris Conlon
Date: Thu, 18 Apr 2024 17:45:50 -0600
Subject: [PATCH] JNI: rework WolfSSLSession.useALPN() to guarantee list is null terminated
---
 native/com_wolfssl_WolfSSLSession.c | 30 +++++++++++++++++++++--------
 1 file changed, 22 insertions(+), 8 deletions(-)
diff --git a/native/com_wolfssl_WolfSSLSession.c b/native/com_wolfssl_WolfSSLSession.c
index 70028a92..915aa653 100644
--- a/native/com_wolfssl_WolfSSLSession.c
+++ b/native/com_wolfssl_WolfSSLSession.c
@@ -4221,33 +4221,47 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_WolfSSLSession_sslGet0AlpnSelected
 }
 JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLSession_useALPN
- (JNIEnv* jenv, jobject jcl, jlong ssl, jstring protocols, jint options)
+ (JNIEnv* jenv, jobject jcl, jlong sslPtr, jstring protocols, jint options)
 {
 int ret = SSL_FAILURE;
 #ifdef HAVE_ALPN
- const char* protoList;
+ WOLFSSL* ssl = (WOLFSSL*)(uintptr_t)sslPtr;
+ char* protoList = NULL;
+ jsize protocolsLen = 0;
 (void)jcl;
 if (jenv == NULL || ssl == 0 || protocols == NULL || options < 0) {
 return BAD_FUNC_ARG;
 }
- protoList = (*jenv)->GetStringUTFChars(jenv, protocols, 0);
+ protocolsLen = (*jenv)->GetStringUTFLength(jenv, protocols);
+ if (protocolsLen == 0) {
+ return BAD_FUNC_ARG;
+ }
+
+ /* Allocate size + 1 to guarantee we are null terminated */
+ protoList = (char*)XMALLOC(protocolsLen + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (protoList == NULL) {
+ return MEMORY_E;
+ }
- ret = (jint) wolfSSL_UseALPN((WOLFSSL*)(uintptr_t)ssl, (char*)protoList,
- (unsigned int)XSTRLEN(protoList), (int)options);
+ /* GetStringUTFRegion() does not need to be freed/released */
+ (*jenv)->GetStringUTFRegion(jenv, protocols, 0, protocolsLen, protoList);
+ protoList[protocolsLen] = '\0';
- (*jenv)->ReleaseStringUTFChars(jenv, protocols, protoList);
+ ret = wolfSSL_UseALPN(ssl, protoList, protocolsLen, (int)options);
+
+ XFREE(protoList, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #else
 (void)jenv;
 (void)jcl;
- (void)ssl;
+ (void)sslPtr;
 (void)protocols;
 (void)options;
 ret = NOT_COMPILED_IN;
 #endif
- return ret;
+ return (jint)ret;
 }
 JNIEXPORT int JNICALL Java_com_wolfssl_WolfSSLSession_setALPNSelectCb
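Review bot: The length passed to `GetStringUTFRegion()` is the modified-UTF-8 byte count from `GetStringUTFLength()`, but that argument counts UTF-16 characters, so the two agree only for a pure-ASCII protocol list. If the Java string holds any non-ASCII character, the byte count exceeds the character count and the JNI call raises StringIndexOutOfBoundsException. The code then still writes the terminator and hands the freshly allocated, possibly unfilled `protoList` to `wolfSSL_UseALPN()` with the exception pending. Keep `protocolsLen` for the allocation and the wolfSSL call, pass `GetStringLength()` as the region length, and check `ExceptionCheck()` before the buffer is used, as in the excerpt below.

```c
    jsize protocolsCharLen = 0; /* UTF-16 units, for GetStringUTFRegion() */
    /* ... unchanged: argument checks, GetStringUTFLength(), XMALLOC ... */

    protocolsCharLen = (*jenv)->GetStringLength(jenv, protocols);
    (*jenv)->GetStringUTFRegion(jenv, protocols, 0, protocolsCharLen,
        protoList);
    if ((*jenv)->ExceptionCheck(jenv)) {
        /* protoList may not have been filled; leave the exception pending */
        XFREE(protoList, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        return SSL_FAILURE;
    }
    protoList[protocolsLen] = '\0';
```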