From: Filippo Valsorda <filippo@cloudflare.com>
Date: Wed, 18 Jan 2017 16:53:35 +0000 (+0000)
Subject: crypto/tls: disallow handshake messages fragmented across CCS
X-Git-Tag: go1.10beta1~1543
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=4a5f85babbe5ca78ad38cb32b1b1f0259c8c1cef;p=gostls13.git

crypto/tls: disallow handshake messages fragmented across CCS

Detected by BoGo test FragmentAcrossChangeCipherSpec-Server-Packed.

Change-Id: I9a76697b9cdeb010642766041971de5c7e533481
Reviewed-on: https://go-review.googlesource.com/48811
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
---

diff --git a/src/crypto/tls/conn.go b/src/crypto/tls/conn.go
index e6d85aa263..9f32d4b7d7 100644
--- a/src/crypto/tls/conn.go
+++ b/src/crypto/tls/conn.go
@@ -686,6 +686,11 @@ Again:
 			c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
 			break
 		}
+		// Handshake messages are not allowed to fragment across the CCS
+		if c.hand.Len() > 0 {
+			c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
+			break
+		}
 		err := c.in.changeCipherSpec()
 		if err != nil {
 			c.in.setErrorLocked(c.sendAlert(err.(alert)))