Commit 6a34206c authored by Adam Langley's avatar Adam Langley

crypto/tls: fix parsing of SNI extension.

The previous code had a brain fart: it took one of the length prefixes
as an element count, not a length. This didn't actually affect anything
because the loop stops as soon as it finds a hostname element, and the
hostname element is always the first and only element. (No other element
types have ever been defined.)

This change fixes the parsing in case SNI is ever changed in the future.

Fixes #10793.

Change-Id: Iafdf3381942bc22b1f33595315c53dc6cc2e9f0f
Reviewed-on: default avatarBrad Fitzpatrick <>
parent 71e83b88
......@@ -367,12 +367,16 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
switch extension {
case extensionServerName:
if length < 2 {
d := data[:length]
if len(d) < 2 {
return false
numNames := int(data[0])<<8 | int(data[1])
d := data[2:]
for i := 0; i < numNames; i++ {
namesLen := int(d[0])<<8 | int(d[1])
d = d[2:]
if len(d) != namesLen {
return false
for len(d) > 0 {
if len(d) < 3 {
return false
......@@ -383,7 +387,7 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
return false
if nameType == 0 {
m.serverName = string(d[0:nameLen])
m.serverName = string(d[:nameLen])
d = d[nameLen:]
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment