mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-03 20:17:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

crypto/tls: reject duplicate extensions

Browse source 
Does what it says on the tin.

Fixes #51088

Change-Id: I12c0fa6bba1c1ce96c1ad31ba387c77a93f801c9
Reviewed-on: https://go-review.googlesource.com/c/go/+/384894
Reviewed-by: Roland Shoemaker <roland@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
This commit is contained in:
Roland Shoemaker 2022-02-10 09:47:49 -08:00
parent 13cd054c41
commit f77df846bf
2 changed files with 33 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

12
handshake_messages.go
View file

@ -384,6 +384,7 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
return false
}
seenExts := make(map[uint16]bool)
for !extensions.Empty() {
var extension uint16
var extData cryptobyte.String
@ -392,6 +393,11 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
return false
}
if seenExts[extension] {
return false
}
seenExts[extension] = true
switch extension {
case extensionServerName:
// RFC 6066, Section 3
@ -750,6 +756,7 @@ func (m *serverHelloMsg) unmarshal(data []byte) bool {
return false
}
seenExts := make(map[uint16]bool)
for !extensions.Empty() {
var extension uint16
var extData cryptobyte.String
@ -758,6 +765,11 @@ func (m *serverHelloMsg) unmarshal(data []byte) bool {
return false
}
if seenExts[extension] {
return false
}
seenExts[extension] = true
switch extension {
case extensionStatusRequest:
m.ocspStapling = true