From de613b152ddbf832b32f4f3b01315172721c60d8 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda
Date: Wed, 18 Jan 2017 16:53:35 +0000
Subject: [PATCH] crypto/tls: disallow handshake messages fragmented across CCS

BoGo: FragmentAcrossChangeCipherSpec-Server-Packed
---
 conn.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/conn.go b/conn.go
index 2fd64ec..6cc52a5 100644
--- a/conn.go
+++ b/conn.go
@@ -776,6 +776,11 @@ func (c *Conn) readRecord(want recordType) error {
 c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
 break
 }
+ // Handshake messages are not allowed to fragment across the CCS
+ if c.hand.Len() > 0 {
+ c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
+ break
+ }
 err := c.in.changeCipherSpec()
 if err != nil {
 c.in.setErrorLocked(c.sendAlert(err.(alert)))
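Review bot: The comment added above `if c.hand.Len() > 0` states the rule but not the reason, which is the security-relevant part: bytes still buffered in `c.hand` arrived before the cipher change, so a message allowed to continue past the CCS would be assembled from data protected under two different states. I would word it as `// Leftover bytes in c.hand predate the cipher change; a handshake message must not be completed by records protected under the new state.` The guard sits only in the CCS branch of readRecord, whose body starts and ends outside this hunk; if the package also switches read keys without a CCS record (not visible here), the same check presumably belongs at those points too. The description cites a BoGo case, so an in-package test that feeds a partial handshake message followed by a CCS and expects `alertUnexpectedMessage` would keep the rejection from regressing unnoticed.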