mirror
/
go
mirror of https://github.com/golang/go.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

crypto/tls: disallow handshake messages fragmented across CCS 

Detected by BoGo test FragmentAcrossChangeCipherSpec-Server-Packed.

Change-Id: I9a76697b9cdeb010642766041971de5c7e533481
Reviewed-on: https://go-review.googlesource.com/48811
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
This commit is contained in:
Filippo Valsorda 2017-01-18 16:53:35 +00:00 committed by Adam Langley
parent 34920b8713
commit 4a5f85babb
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/crypto/tls/conn.go
View File

@ -686,6 +686,11 @@ Again:
c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
break
}
// Handshake messages are not allowed to fragment across the CCS
if c.hand.Len() > 0 {
c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
break
}
err := c.in.changeCipherSpec()
if err != nil {
c.in.setErrorLocked(c.sendAlert(err.(alert)))