From 1b8b6efd10165188a67c65af98f2e858dec05844 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Thu, 17 Nov 2016 12:15:19 -0800 Subject: [PATCH] crypto/tls: reject zero-length SCTs. The SignedCertificateTimestampList[1] specifies that both the list and each element must not be empty. Checking that the list is not empty was handled in [2] and this change checks that the SCTs themselves are not zero-length. [1] https://tools.ietf.org/html/rfc6962#section-3.3 [2] https://golang.org/cl/33265 Change-Id: Iabaae7a15f6d111eb079e5086e0bd2005fae9e48 Reviewed-on: https://go-review.googlesource.com/33355 Run-TryBot: Adam Langley TryBot-Result: Gobot Gobot Reviewed-by: Brad Fitzpatrick --- handshake_messages.go | 2 +- handshake_messages_test.go | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/handshake_messages.go b/handshake_messages.go index 2ea4ddb..694bd91 100644 --- a/handshake_messages.go +++ b/handshake_messages.go @@ -813,7 +813,7 @@ func (m *serverHelloMsg) unmarshal(data []byte) bool { } sctLen := int(d[0])<<8 | int(d[1]) d = d[2:] - if len(d) < sctLen { + if sctLen == 0 || len(d) < sctLen { return false } m.scts = append(m.scts, d[:sctLen]) diff --git a/handshake_messages_test.go b/handshake_messages_test.go index cb3634c..f1154d4 100644 --- a/handshake_messages_test.go +++ b/handshake_messages_test.go @@ -305,3 +305,21 @@ func TestRejectEmptySCTList(t *testing.T) { t.Fatal("Unmarshaled ServerHello with empty SCT list") } } + +func TestRejectEmptySCT(t *testing.T) { + // Not only must the SCT list be non-empty, but the SCT elements must + // not be zero length. + + var random [32]byte + serverHello := serverHelloMsg{ + vers: VersionTLS12, + random: random[:], + scts: [][]byte{nil}, + } + serverHelloBytes := serverHello.marshal() + + var serverHelloCopy serverHelloMsg + if serverHelloCopy.unmarshal(serverHelloBytes) { + t.Fatal("Unmarshaled ServerHello with zero-length SCT") + } +}