
Commit 1715a86

crypto/tls: reject duplicate extensions
Does what it says on the tin. Fixes #51088 Change-Id: I12c0fa6bba1c1ce96c1ad31ba387c77a93f801c9 Reviewed-on: https://go-review.googlesource.com/c/go/+/384894 Reviewed-by: Roland Shoemaker <[email protected]> Run-TryBot: Roland Shoemaker <[email protected]> TryBot-Result: Gopher Robot <[email protected]> Reviewed-by: Damien Neil <[email protected]>
1 parent aa24255 commit 1715a86


2 files changed

+33
-0
lines changed


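--- a/src/crypto/tls/handshake_messages.go
+++ b/src/crypto/tls/handshake_messages.go
@@ -384,6 +384,7 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
 return false
 }
 
+seenExts := make(map[uint16]bool)
 for !extensions.Empty() {
 var extension uint16
 var extData cryptobyte.String
@@ -392,6 +393,11 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
 return false
 }
 
+if seenExts[extension] {
+return false
+}
+seenExts[extension] = true
+
 switch extension {
 case extensionServerName:
 // RFC 6066, Section 3
@@ -750,6 +756,7 @@ func (m *serverHelloMsg) unmarshal(data []byte) bool {
 return false
 }
 
+seenExts := make(map[uint16]bool)
 for !extensions.Empty() {
 var extension uint16
 var extData cryptobyte.String
@@ -758,6 +765,11 @@ func (m *serverHelloMsg) unmarshal(data []byte) bool {
 return false
 }
 
+if seenExts[extension] {
+return false
+}
+seenExts[extension] = true
+
 switch extension {
 case extensionStatusRequest:
 m.ocspStapling = true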
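Review bot: The new `seenExts := make(map[uint16]bool)` line and the guard that follows it carry no rationale, so a later reader cannot tell whether rejecting a repeated extension type is a spec requirement or a local choice; a one-line comment above the map would settle it, e.g. `// RFC 8446, Section 4.2: there MUST NOT be more than one extension of the same type in a given extension block.` The same comment belongs on the matching line in the serverHelloMsg.unmarshal hunk, where the five-line guard is repeated verbatim. Both unmarshal bodies start and end outside these hunks. If other message types in this file walk an extension block the same way, they presumably need the same check, but that is not visible here.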

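--- a/src/crypto/tls/handshake_messages_test.go
+++ b/src/crypto/tls/handshake_messages_test.go
@@ -6,6 +6,7 @@ package tls
 
 import (
 "bytes"
+"encoding/hex"
 "math/rand"
 "reflect"
 "strings"
@@ -463,3 +464,23 @@ func TestRejectEmptySCT(t *testing.T) {
 t.Fatal("Unmarshaled ServerHello with zero-length SCT")
 }
 }
+
+func TestRejectDuplicateExtensions(t *testing.T) {
+clientHelloBytes, err := hex.DecodeString("010000440303000000000000000000000000000000000000000000000000000000000000000000000000001c0000000a000800000568656c6c6f0000000a000800000568656c6c6f")
+if err != nil {
+t.Fatalf("failed to decode test ClientHello: %s", err)
+}
+var clientHelloCopy clientHelloMsg
+if clientHelloCopy.unmarshal(clientHelloBytes) {
+t.Error("Unmarshaled ClientHello with duplicate extensions")
+}
+
+serverHelloBytes, err := hex.DecodeString("02000030030300000000000000000000000000000000000000000000000000000000000000000000000000080005000000050000")
+if err != nil {
+t.Fatalf("failed to decode test ServerHello: %s", err)
+}
+var serverHelloCopy serverHelloMsg
+if serverHelloCopy.unmarshal(serverHelloBytes) {
+t.Fatal("Unmarshaled ServerHello with duplicate extensions")
+}
+}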
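Review bot: The two hex fixtures in TestRejectDuplicateExtensions are opaque, so nobody can tell from the test which extension is duplicated or whether the rest of the message is otherwise well-formed; a comment above each literal would fix that, e.g. `// ClientHello whose extension block carries server_name (0x0000) twice.` and `// ServerHello whose extension block carries status_request (0x0005) twice.`, which is what the trailing bytes of each literal decode to. The ClientHello branch reports with t.Error while the ServerHello branch uses t.Fatal; using t.Error in both lets a single run report both regressions. The test only shows rejection; that a hello carrying each of these extensions once still unmarshals is presumably covered by existing tests in this file, but is not visible here.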
