crypto/tls: disallow handshake messages fragmented across CCS

Detected by BoGo test FragmentAcrossChangeCipherSpec-Server-Packed. Change-Id: I9a76697b9cdeb010642766041971de5c7e533481 Reviewed-on: https://go-review.googlesource.com/48811Reviewed-by: Adam Langley <agl@golang.org> Run-TryBot: Adam Langley <agl@golang.org>

crypto/tls: disallow handshake messages fragmented across CCS
Detected by BoGo test FragmentAcrossChangeCipherSpec-Server-Packed. Change-Id: I9a76697b9cdeb010642766041971de5c7e533481 Reviewed-on: https://go-review.googlesource.com/48811Reviewed-by: Adam Langley <agl@golang.org> Run-TryBot: Adam Langley <agl@golang.org>
4a5f85ba · Filippo Valsorda · Adam Langley · 34920b87 · 4a5f85ba
Commit 4a5f85ba authored Jan 18, 2017 by Filippo Valsorda Committed by Adam Langley Aug 15, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

src/crypto/tls/conn.go src/crypto/tls/conn.go +5 -0

No files found.
--- a/src/crypto/tls/conn.go
+++ b/src/crypto/tls/conn.go
@@ -686,6 +686,11 @@ Again:
 			c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
 			break
 		}
+		// Handshake messages are not allowed to fragment across the CCS
+		if c.hand.Len() > 0 {
+			c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
+			break
+		}
 		err := c.in.changeCipherSpec()
 		if err != nil {
 			c.in.setErrorLocked(c.sendAlert(err.(alert)))