crypto/tls: fix parsing of SNI extension.

The previous code had a brain fart: it took one of the length prefixes as an element count, not a length. This didn't actually affect anything because the loop stops as soon as it finds a hostname element, and the hostname element is always the first and only element. (No other element types have ever been defined.) This change fixes the parsing in case SNI is ever changed in the future. Fixes #10793. Change-Id: Iafdf3381942bc22b1f33595315c53dc6cc2e9f0f Reviewed-on: https://go-review.googlesource.com/11059 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2025-04-03 03:57:36 +03:00 · 2015-06-14 08:15:41 -07:00 · 2015-06-14 08:15:41 -07:00 · 8fbca1d423
commit 8fbca1d423
parent b0102b4a94
1 changed files with 9 additions and 5 deletions
--- a/handshake_messages.go
+++ b/handshake_messages.go
@ -367,12 +367,16 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {

 		switch extension {
 		case extensionServerName:
-			if length < 2 {
+			d := data[:length]
+			if len(d) < 2 {
 				return false
 			}
-			numNames := int(data[0])<<8 | int(data[1])
-			d := data[2:]
-			for i := 0; i < numNames; i++ {
+			namesLen := int(d[0])<<8 | int(d[1])
+			d = d[2:]
+			if len(d) != namesLen {
+				return false
+			}
+			for len(d) > 0 {
 				if len(d) < 3 {
 					return false
 				}
@ -383,7 +387,7 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
 					return false
 				}
 				if nameType == 0 {
-					m.serverName = string(d[0:nameLen])
+					m.serverName = string(d[:nameLen])
 					break
 				}
 				d = d[nameLen:]