From 4a5f85babbe5ca78ad38cb32b1b1f0259c8c1cef Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@cloudflare.com>
Date: Wed, 18 Jan 2017 16:53:35 +0000
Subject: [PATCH] crypto/tls: disallow handshake messages fragmented across CCS

Detected by BoGo test FragmentAcrossChangeCipherSpec-Server-Packed.

Change-Id: I9a76697b9cdeb010642766041971de5c7e533481
Reviewed-on: https://go-review.googlesource.com/48811
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
---
 src/crypto/tls/conn.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/crypto/tls/conn.go b/src/crypto/tls/conn.go
index e6d85aa263..9f32d4b7d7 100644
--- a/src/crypto/tls/conn.go
+++ b/src/crypto/tls/conn.go
@@ -686,6 +686,11 @@ Again:
 			c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
 			break
 		}
+		// Handshake messages are not allowed to fragment across the CCS
+		if c.hand.Len() > 0 {
+			c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
+			break
+		}
 		err := c.in.changeCipherSpec()
 		if err != nil {
 			c.in.setErrorLocked(c.sendAlert(err.(alert)))
-- 
2.48.1