crypto/tls: reject zero-length SCTs.
The SignedCertificateTimestampList[1] specifies that both the list and each element must not be empty. Checking that the list is not empty was handled in [2] and this change checks that the SCTs themselves are not zero-length. [1] https://tools.ietf.org/html/rfc6962#section-3.3 [2] https://golang.org/cl/33265 Change-Id: Iabaae7a15f6d111eb079e5086e0bd2005fae9e48 Reviewed-on: https://go-review.googlesource.com/33355 Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This commit is contained in:
parent
8b63f202ce
commit
1b8b6efd10
@ -813,7 +813,7 @@ func (m *serverHelloMsg) unmarshal(data []byte) bool {
|
|||||||
}
|
}
|
||||||
sctLen := int(d[0])<<8 | int(d[1])
|
sctLen := int(d[0])<<8 | int(d[1])
|
||||||
d = d[2:]
|
d = d[2:]
|
||||||
if len(d) < sctLen {
|
if sctLen == 0 || len(d) < sctLen {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
m.scts = append(m.scts, d[:sctLen])
|
m.scts = append(m.scts, d[:sctLen])
|
||||||
|
@ -305,3 +305,21 @@ func TestRejectEmptySCTList(t *testing.T) {
|
|||||||
t.Fatal("Unmarshaled ServerHello with empty SCT list")
|
t.Fatal("Unmarshaled ServerHello with empty SCT list")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestRejectEmptySCT(t *testing.T) {
|
||||||
|
// Not only must the SCT list be non-empty, but the SCT elements must
|
||||||
|
// not be zero length.
|
||||||
|
|
||||||
|
var random [32]byte
|
||||||
|
serverHello := serverHelloMsg{
|
||||||
|
vers: VersionTLS12,
|
||||||
|
random: random[:],
|
||||||
|
scts: [][]byte{nil},
|
||||||
|
}
|
||||||
|
serverHelloBytes := serverHello.marshal()
|
||||||
|
|
||||||
|
var serverHelloCopy serverHelloMsg
|
||||||
|
if serverHelloCopy.unmarshal(serverHelloBytes) {
|
||||||
|
t.Fatal("Unmarshaled ServerHello with zero-length SCT")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user