Commit 88849736 authored by Adam Langley's avatar Adam Langley

crypto/tls: better error for oversized handshake messages.

This change improves the error message when encountering a TLS handshake
message that is larger than our limit (64KB). Previously the error was
just “local error: internal error”.

Updates #13401.

Change-Id: I86127112045ae33e51079e3bc047dd7386ddc71a
Reviewed-on: https://go-review.googlesource.com/20547
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
parent 9d7b2b7b
...@@ -803,7 +803,8 @@ func (c *Conn) readHandshake() (interface{}, error) { ...@@ -803,7 +803,8 @@ func (c *Conn) readHandshake() (interface{}, error) {
data := c.hand.Bytes() data := c.hand.Bytes()
n := int(data[1])<<16 | int(data[2])<<8 | int(data[3]) n := int(data[1])<<16 | int(data[2])<<8 | int(data[3])
if n > maxHandshake { if n > maxHandshake {
return nil, c.in.setErrorLocked(c.sendAlert(alertInternalError)) c.sendAlertLocked(alertInternalError)
return nil, c.in.setErrorLocked(fmt.Errorf("tls: handshake message of length %d bytes exceeds maximum of %d bytes", n, maxHandshake))
} }
for c.hand.Len() < 4+n { for c.hand.Len() < 4+n {
if err := c.in.err; err != nil { if err := c.in.err; err != nil {
......
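Review bot: The oversized-message branch now calls `c.sendAlertLocked(alertInternalError)` where the old line went through `c.sendAlert`, and it discards that call's return value; the commit message describes only the new error text and explains neither change. By its name the Locked variant presumably expects the caller to already hold the write-side lock, but readHandshake's body starts and ends outside this hunk, so that precondition cannot be confirmed from here. A comment above the call would record both decisions, for example `// caller already holds the write-side lock (confirm); the alert's own error is dropped so the length error below is the one recorded`. The peer still receives only internal_error, so the added detail helps local logs and callers but not the remote side. The length in the message is taken from the peer's header bytes, so anything that alerts on this string should treat the number as untrusted input.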