From 73132dad0c21738fcd6d994dc16b80809453a73b Mon Sep 17 00:00:00 2001
From: yknoya <kikenoya@yahoo-corp.jp>
Date: Thu, 7 Sep 2023 09:01:51 +0900
Subject: [PATCH] fix: check whether a protocol is enabled during the length
 calculation in create_npn_advertisement

---
 iocore/net/SSLNextProtocolSet.cc | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/iocore/net/SSLNextProtocolSet.cc b/iocore/net/SSLNextProtocolSet.cc
index 4b1a4d3828f..9b6912049e8 100644
--- a/iocore/net/SSLNextProtocolSet.cc
+++ b/iocore/net/SSLNextProtocolSet.cc
@@ -54,8 +54,10 @@ SSLNextProtocolSet::create_npn_advertisement(const SessionProtocolSet &enabled,
   *len = 0;
 
   for (ep = endpoints.head; ep != nullptr; ep = endpoints.next(ep)) {
-    ink_release_assert((strlen(ep->protocol) > 0));
-    *len += (strlen(ep->protocol) + 1);
+    if (enabled.contains(globalSessionProtocolNameRegistry.toIndex(swoc::TextView{ep->protocol, strlen(ep->protocol)}))) {
+      ink_release_assert((strlen(ep->protocol) > 0));
+      *len += (strlen(ep->protocol) + 1);
+    }
   }
 
   *npn = advertised = static_cast<unsigned char *>(ats_malloc(*len));