
crypto/tls: reject ServerHellos with empty ALPN protocols.

https://tools.ietf.org/html/rfc7301#section-3.1 specifies that a
ProtocolName may not be empty. This change enforces this for ServerHello
messages—it's already enforced for ClientHello messages.

Change-Id: Ic5a5be6bebf07fba90a3cabd10b07ab7b4337f53
Reviewed-on: https://go-review.googlesource.com/12003
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Adam Langley 2015-07-09 15:42:02 -07:00
parent 34695c4742
commit cb5bca8e8a


@ -763,6 +763,10 @@ func (m *serverHelloMsg) unmarshal(data []byte) bool {
return false return false
} }
d = d[1:] d = d[1:]
if len(d) == 0 {
// ALPN protocols must not be empty.
return false
}
m.alpnProtocol = string(d) m.alpnProtocol = string(d)
case extensionSCT: case extensionSCT:
d := data[:length] d := data[:length]
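Review bot: The new `len(d) == 0` guard in the ALPN case of `serverHelloMsg.unmarshal` has no accompanying test visible on this page. A regression test that feeds a ServerHello whose ALPN extension carries a zero-length protocol name and asserts that `unmarshal` returns false would keep the check from being lost in a later refactor of this parser. The comment could also name the source of the rule so a reader does not need the commit message, for example `// RFC 7301, Section 3.1: a ProtocolName must not be empty.` The start of the function and the length-prefix checks that precede `d = d[1:]` are outside the hunk, so how the guard interacts with them cannot be confirmed from here.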