crypto/tls: fix decoding of certLen in certificateMsg.unmarshal

certLen was decoded incorrectly if length > 2^16-1.

R=golang-dev, agl
CC=golang-dev
https://golang.org/cl/6197077
This commit is contained in:
Michael Gehring 2012-05-14 12:26:29 -04:00 committed by Adam Langley
parent 30b2db1e5f
commit 615733d170

View File

@ -563,7 +563,7 @@ func (m *certificateMsg) unmarshal(data []byte) bool {
if len(d) < 4 { if len(d) < 4 {
return false return false
} }
certLen := uint32(d[0])<<24 | uint32(d[1])<<8 | uint32(d[2]) certLen := uint32(d[0])<<16 | uint32(d[1])<<8 | uint32(d[2])
if uint32(len(d)) < 3+certLen { if uint32(len(d)) < 3+certLen {
return false return false
} }
@ -575,7 +575,7 @@ func (m *certificateMsg) unmarshal(data []byte) bool {
m.certificates = make([][]byte, numCerts) m.certificates = make([][]byte, numCerts)
d = data[7:] d = data[7:]
for i := 0; i < numCerts; i++ { for i := 0; i < numCerts; i++ {
certLen := uint32(d[0])<<24 | uint32(d[1])<<8 | uint32(d[2]) certLen := uint32(d[0])<<16 | uint32(d[1])<<8 | uint32(d[2])
m.certificates[i] = d[3 : 3+certLen] m.certificates[i] = d[3 : 3+certLen]
d = d[3+certLen:] d = d[3+certLen:]
} }