From: Michael Gehring <mg@ebfe.org>
Date: Mon, 14 May 2012 16:26:29 +0000 (-0400)
Subject: crypto/tls: fix decoding of certLen in certificateMsg.unmarshal
X-Git-Tag: go1.1rc2~3215
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=99142f55370650fcdf1ecc742a5c3c26fdd1200f;p=gostls13.git

crypto/tls: fix decoding of certLen in certificateMsg.unmarshal

certLen was decoded incorrectly if length > 2^16-1.

R=golang-dev, agl
CC=golang-dev
https://golang.org/cl/6197077
---

diff --git a/src/pkg/crypto/tls/handshake_messages.go b/src/pkg/crypto/tls/handshake_messages.go
index e1517cc794..54c7a3e631 100644
--- a/src/pkg/crypto/tls/handshake_messages.go
+++ b/src/pkg/crypto/tls/handshake_messages.go
@@ -563,7 +563,7 @@ func (m *certificateMsg) unmarshal(data []byte) bool {
 		if len(d) < 4 {
 			return false
 		}
-		certLen := uint32(d[0])<<24 | uint32(d[1])<<8 | uint32(d[2])
+		certLen := uint32(d[0])<<16 | uint32(d[1])<<8 | uint32(d[2])
 		if uint32(len(d)) < 3+certLen {
 			return false
 		}
@@ -575,7 +575,7 @@ func (m *certificateMsg) unmarshal(data []byte) bool {
 	m.certificates = make([][]byte, numCerts)
 	d = data[7:]
 	for i := 0; i < numCerts; i++ {
-		certLen := uint32(d[0])<<24 | uint32(d[1])<<8 | uint32(d[2])
+		certLen := uint32(d[0])<<16 | uint32(d[1])<<8 | uint32(d[2])
 		m.certificates[i] = d[3 : 3+certLen]
 		d = d[3+certLen:]
 	}