From: Roland Shoemaker Date: Mon, 29 Sep 2025 17:11:56 +0000 (-0700) Subject: [release-branch.go1.24] crypto/tls: quote protocols in ALPN error message X-Git-Tag: go1.24.8~13 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=2e1e356e33b9c792a9643749a7626a1789197bb9;p=gostls13.git [release-branch.go1.24] crypto/tls: quote protocols in ALPN error message Quote the protocols sent by the client when returning the ALPN negotiation error message. Fixes CVE-2025-58189 Updates #75652 Fixes #75660 Change-Id: Ie7b3a1ed0b6efcc1705b71f0f1e8417126661330 Reviewed-on: https://go-review.googlesource.com/c/go/+/707776 Auto-Submit: Roland Shoemaker Reviewed-by: Neal Patel Reviewed-by: Nicholas Husin Auto-Submit: Nicholas Husin Reviewed-by: Nicholas Husin TryBot-Bypass: Roland Shoemaker Reviewed-by: Daniel McCarney (cherry picked from commit 4e9006a716533fe1c7ee08df02dfc73078f7dc19) Reviewed-on: https://go-review.googlesource.com/c/go/+/708096 LUCI-TryBot-Result: Go LUCI Reviewed-by: Carlos Amedee --- diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go index 7c75977ad3..6aebb74222 100644 --- a/src/crypto/tls/handshake_server.go +++ b/src/crypto/tls/handshake_server.go @@ -338,7 +338,7 @@ func negotiateALPN(serverProtos, clientProtos []string, quic bool) (string, erro if http11fallback { return "", nil } - return "", fmt.Errorf("tls: client requested unsupported application protocols (%s)", clientProtos) + return "", fmt.Errorf("tls: client requested unsupported application protocols (%q)", clientProtos) } // supportsECDHE returns whether ECDHE key exchanges can be used with this
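Review bot: The changed return in negotiateALPN still formats the entire client-supplied clientProtos slice into the error, so %q keeps raw newlines and control characters out of whatever logs the error but leaves the message length under the client's control; consider capping the number of protocols (or bytes) printed, or noting in a comment that callers logging this error should truncate it. The diff as shown touches only handshake_server.go and carries no regression test: a case that passes a protocol name containing a newline and a double quote to negotiateALPN and asserts on the escaped text of the returned error would pin the behaviour. A one-line comment above the return stating that the list is attacker-controlled would also explain why %q is used here instead of %s.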