crypto/tls: reject ServerHellos with empty ALPN protocols. https://tools.ietf.org/html/rfc7301#section-3.1 specifies that a ProtocolName may not be empty. This change enforces this for ServerHello messages—it's already enforced for ClientHello messages. Change-Id: Ic5a5be6bebf07fba90a3cabd10b07ab7b4337f53 Reviewed-on: https://go-review.googlesource.com/12003 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

commit: cb5bca8e8af619a5a6548e5d1a2b2aa0c9accc25 [log] [tgz]
author: Adam Langley <agl@golang.org> Thu Jul 09 15:42:02 2015 -0700
committer: Adam Langley <agl@golang.org> Sun Aug 30 15:33:36 2015 +0000
tree: 2b935270596bb6574bf49c1c10289a9d170e2ca4
parent: 34695c4742dd8055ed88b409014353e99288c43e [diff]
diff --git a/src/crypto/tls/handshake_messages.go b/src/crypto/tls/handshake_messages.go
index 799a776..111ce53 100644
--- a/src/crypto/tls/handshake_messages.go
+++ b/src/crypto/tls/handshake_messages.go

@@ -763,6 +763,10 @@
 				return false
 			}
 			d = d[1:]
+			if len(d) == 0 {
+				// ALPN protocols must not be empty.
+				return false
+			}
 			m.alpnProtocol = string(d)
 		case extensionSCT:
 			d := data[:length]
commit	cb5bca8e8af619a5a6548e5d1a2b2aa0c9accc25	[log] [tgz]
author	Adam Langley <agl@golang.org>	Thu Jul 09 15:42:02 2015 -0700
committer	Adam Langley <agl@golang.org>	Sun Aug 30 15:33:36 2015 +0000
tree	2b935270596bb6574bf49c1c10289a9d170e2ca4
parent	34695c4742dd8055ed88b409014353e99288c43e [diff]