Commit b21743c6 authored by Adam Langley's avatar Adam Langley Committed by Brad Fitzpatrick

crypto/tls: reject zero-length SCTs.

The SignedCertificateTimestampList[1] specifies that both the list and
each element must not be empty. Checking that the list is not empty was
handled in [2] and this change checks that the SCTs themselves are not
zero-length.

[1] https://tools.ietf.org/html/rfc6962#section-3.3
[2] https://golang.org/cl/33265

Change-Id: Iabaae7a15f6d111eb079e5086e0bd2005fae9e48
Reviewed-on: https://go-review.googlesource.com/33355
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: default avatarBrad Fitzpatrick <bradfitz@golang.org>
parent c0994598
...@@ -813,7 +813,7 @@ func (m *serverHelloMsg) unmarshal(data []byte) bool { ...@@ -813,7 +813,7 @@ func (m *serverHelloMsg) unmarshal(data []byte) bool {
} }
sctLen := int(d[0])<<8 | int(d[1]) sctLen := int(d[0])<<8 | int(d[1])
d = d[2:] d = d[2:]
if len(d) < sctLen { if sctLen == 0 || len(d) < sctLen {
return false return false
} }
m.scts = append(m.scts, d[:sctLen]) m.scts = append(m.scts, d[:sctLen])
......
...@@ -305,3 +305,21 @@ func TestRejectEmptySCTList(t *testing.T) { ...@@ -305,3 +305,21 @@ func TestRejectEmptySCTList(t *testing.T) {
t.Fatal("Unmarshaled ServerHello with empty SCT list") t.Fatal("Unmarshaled ServerHello with empty SCT list")
} }
} }
func TestRejectEmptySCT(t *testing.T) {
// Not only must the SCT list be non-empty, but the SCT elements must
// not be zero length.
var random [32]byte
serverHello := serverHelloMsg{
vers: VersionTLS12,
random: random[:],
scts: [][]byte{nil},
}
serverHelloBytes := serverHello.marshal()
var serverHelloCopy serverHelloMsg
if serverHelloCopy.unmarshal(serverHelloBytes) {
t.Fatal("Unmarshaled ServerHello with zero-length SCT")
}
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment