]> Cypherpunks repositories - gostls13.git/commit
projects / gostls13.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 6998277) | patch
[release-branch.go1.24] crypto/tls: quote protocols in ALPN error message
authorRoland Shoemaker <roland@golang.org>
Mon, 29 Sep 2025 17:11:56 +0000 (10:11 -0700)
committerCarlos Amedee <carlos@golang.org>
Wed, 1 Oct 2025 18:37:47 +0000 (11:37 -0700)
commit2e1e356e33b9c792a9643749a7626a1789197bb9
tree4fb598a7329dd78549097b7fc41f5057d63fd3bbtree
parent6998277471f65ecf997814a3b64d35b4ffc58c4dcommit | diff
[release-branch.go1.24] crypto/tls: quote protocols in ALPN error message

Quote the protocols sent by the client when returning the ALPN
negotiation error message.

Fixes CVE-2025-58189
Updates #75652
Fixes #75660

Change-Id: Ie7b3a1ed0b6efcc1705b71f0f1e8417126661330
Reviewed-on: https://go-review.googlesource.com/c/go/+/707776
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Neal Patel <nealpatel@google.com>
Reviewed-by: Nicholas Husin <nsh@golang.org>
Auto-Submit: Nicholas Husin <nsh@golang.org>
Reviewed-by: Nicholas Husin <husin@google.com>
TryBot-Bypass: Roland Shoemaker <roland@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
(cherry picked from commit 4e9006a716533fe1c7ee08df02dfc73078f7dc19)
Reviewed-on: https://go-review.googlesource.com/c/go/+/708096
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
src/crypto/tls/handshake_server.go diff | blob | history
Go GOST TLS 1.3