crypto/tls: allow larger initial records.

Some servers which misunderstood the point of the CertificateRequest
message send huge reply records. These records are large enough that
they were considered “insane” by the TLS code and rejected.

This change removes the sanity test for record lengths. Although the
maxCiphertext test still remains, just above, which (roughly) enforces
the 16KB protocol limit on record sizes:
https://tools.ietf.org/html/rfc5246#section-6.2.1

Fixes #8928.

Change-Id: Idf89a2561b1947325b7ddc2613dc2da638d7d1c9
Reviewed-on: https://go-review.googlesource.com/5690
Reviewed-by: Andrew Gerrand <adg@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This commit is contained in:
Adam Langley 2015-02-23 14:51:40 -08:00
parent cf73eabe95
commit fb479af552

12
conn.go
View File

@ -570,15 +570,11 @@ Again:
return c.in.setErrorLocked(fmt.Errorf("tls: oversized record received with length %d", n)) return c.in.setErrorLocked(fmt.Errorf("tls: oversized record received with length %d", n))
} }
if !c.haveVers { if !c.haveVers {
// First message, be extra suspicious: // First message, be extra suspicious: this might not be a TLS
// this might not be a TLS client. // client. Bail out before reading a full 'body', if possible.
// Bail out before reading a full 'body', if possible. // The current max version is 3.3 so if the version is >= 16.0,
// The current max version is 3.1.
// If the version is >= 16.0, it's probably not real.
// Similarly, a clientHello message encodes in
// well under a kilobyte. If the length is >= 12 kB,
// it's probably not real. // it's probably not real.
if (typ != recordTypeAlert && typ != want) || vers >= 0x1000 || n >= 0x3000 { if (typ != recordTypeAlert && typ != want) || vers >= 0x1000 {
c.sendAlert(alertUnexpectedMessage) c.sendAlert(alertUnexpectedMessage)
return c.in.setErrorLocked(fmt.Errorf("tls: first record does not look like a TLS handshake")) return c.in.setErrorLocked(fmt.Errorf("tls: first record does not look like a TLS handshake"))
} }