crypto/tls: reject ServerHellos with empty ALPN protocols.
authorAdam Langley <agl@golang.org>
Thu, 9 Jul 2015 22:42:02 +0000 (15:42 -0700)
committerAdam Langley <agl@golang.org>
Sun, 30 Aug 2015 15:33:36 +0000 (15:33 +0000)
https://tools.ietf.org/html/rfc7301#section-3.1 specifies that a
ProtocolName may not be empty. This change enforces this for ServerHello
messages—it's already enforced for ClientHello messages.

Change-Id: Ic5a5be6bebf07fba90a3cabd10b07ab7b4337f53
Reviewed-on: https://go-review.googlesource.com/12003
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
src/crypto/tls/handshake_messages.go

index 799a776799aa1c158562f7e68a5712d0d68a6641..111ce53487a79116cc88f74d3afe2c47a5b0133e 100644 (file)
@@ -763,6 +763,10 @@ func (m *serverHelloMsg) unmarshal(data []byte) bool {
                                return false
                        }
                        d = d[1:]
+                       if len(d) == 0 {
+                               // ALPN protocols must not be empty.
+                               return false
+                       }
                        m.alpnProtocol = string(d)
                case extensionSCT:
                        d := data[:length]
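Review bot: The comment on the new `len(d) == 0` guard says what is rejected but not why, and the only file listed on this page is handshake_messages.go, so no regression test for the empty-name case is visible. I would word it as `// RFC 7301, section 3.1: a ProtocolName must not be empty; an empty m.alpnProtocol would also read as "no ALPN negotiated".` The second half of that comment is inferred from the assignment on the following line, so confirm how callers treat an empty alpnProtocol before adopting it. A test that passes unmarshal a ServerHello whose ALPN list holds a single zero-length name and expects false would pin the behaviour. The body of serverHelloMsg.unmarshal starts and ends outside the hunk, so the earlier length checks on this extension are not visible here.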