From: Adam Langley <agl@golang.org>
Date: Thu, 9 Jul 2015 22:42:02 +0000 (-0700)
Subject: crypto/tls: reject ServerHellos with empty ALPN protocols.
X-Git-Tag: go1.6beta1~1229
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=cb5bca8e8af619a5a6548e5d1a2b2aa0c9accc25;p=gostls13.git

crypto/tls: reject ServerHellos with empty ALPN protocols.

https://tools.ietf.org/html/rfc7301#section-3.1 specifies that a
ProtocolName may not be empty. This change enforces this for ServerHello
messages—it's already enforced for ClientHello messages.

Change-Id: Ic5a5be6bebf07fba90a3cabd10b07ab7b4337f53
Reviewed-on: https://go-review.googlesource.com/12003
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
---

diff --git a/src/crypto/tls/handshake_messages.go b/src/crypto/tls/handshake_messages.go
index 799a776799..111ce53487 100644
--- a/src/crypto/tls/handshake_messages.go
+++ b/src/crypto/tls/handshake_messages.go
@@ -763,6 +763,10 @@ func (m *serverHelloMsg) unmarshal(data []byte) bool {
 				return false
 			}
 			d = d[1:]
+			if len(d) == 0 {
+				// ALPN protocols must not be empty.
+				return false
+			}
 			m.alpnProtocol = string(d)
 		case extensionSCT:
 			d := data[:length]