crypto/tls: fix decoding of certLen in certificateMsg.unmarshal

certLen was decoded incorrectly if length > 2^16-1.

R=golang-dev, agl
CC=golang-dev
https://golang.org/cl/6197077

diff --git a/src/pkg/crypto/tls/handshake_messages.go b/src/pkg/crypto/tls/handshake_messages.go
index e1517cc794ff21c8eb474ab094a7e9d8e1f5b718..54c7a3e6316bcec5a2720d9a1e0189577e689485 100644 (file)
--- a/src/pkg/crypto/tls/handshake_messages.go
+++ b/src/pkg/crypto/tls/handshake_messages.go
@@ -563,7 +563,7 @@ func (m *certificateMsg) unmarshal(data []byte) bool {
                if len(d) < 4 {
                        return false
                }
-               certLen := uint32(d[0])<<24 | uint32(d[1])<<8 | uint32(d[2])
+               certLen := uint32(d[0])<<16 | uint32(d[1])<<8 | uint32(d[2])
                if uint32(len(d)) < 3+certLen {
                        return false
                }
@@ -575,7 +575,7 @@ func (m *certificateMsg) unmarshal(data []byte) bool {
        m.certificates = make([][]byte, numCerts)
        d = data[7:]
        for i := 0; i < numCerts; i++ {
-               certLen := uint32(d[0])<<24 | uint32(d[1])<<8 | uint32(d[2])
+               certLen := uint32(d[0])<<16 | uint32(d[1])<<8 | uint32(d[2])
                m.certificates[i] = d[3 : 3+certLen]
                d = d[3+certLen:]
        }