Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/tls: error handshake if there are duplicate TLS extensions #51088

Closed
aarongable opened this issue Feb 8, 2022 · 2 comments
Closed

crypto/tls: error handshake if there are duplicate TLS extensions #51088

aarongable opened this issue Feb 8, 2022 · 2 comments
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.

Comments

@aarongable
Copy link
Contributor

What version of Go are you using (go version)?

$ go version
go version go1.17.6 linux/amd64

$ go1.18beta2 version
go version go1.18beta2 linux/amd64

Does this issue reproduce with the latest release?

Yes.

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/aaron/.cache/go-build"
GOENV="/home/aaron/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/aaron/.local/share/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/aaron/.local/share/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.17.6"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/dev/null"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build3439747319=/tmp/go-build -gno-record-gcc-switches"

$ go1.18beta2 env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/aaron/.cache/go-build"
GOENV="/home/aaron/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/aaron/.local/share/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/aaron/.local/share/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/home/aaron/sdk/go1.18beta2"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/home/aaron/sdk/go1.18beta2/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.18beta2"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/dev/null"
GOWORK=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build112163216=/tmp/go-build -gno-record-gcc-switches"

What did you do?

When unmarshalling a serverHello message, we currently just iterate over the set of all all extensions that appear in the message. If a given extension appears more than once, the last instance of that extension "wins", with its contents (for example, the ALPN protocol) being written to the appropriate field (e.g. .alpnProtocol) on the serverHelloMsg` struct.

The same is true when a TLS server unmarshalls a clientHello message.

What did you expect to see?

RFC 5246, Section 7.4.1.4, which specifies TLS 1.2, states "There MUST NOT be more than one extension of the same type.". There is an equivalent statement in RFC 8446, Section 4.2, which specifies TLS 1.3. Therefore I expected message unmarshalling to fail if multiple extensions of the same type are present.

What did you see instead?

Message unmarshalling does not fail.

It should be noted: the relevant RFCs do not specify that one end of the connection MUST abort the connection if the other end sends duplicate extensions, so there is a reasonable interpretation that it is only required that the library not produce messages with duplicate extensions.

@seankhliao seankhliao added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Feb 8, 2022
@seankhliao
Copy link
Member

cc @golang/security

@gopherbot
Copy link

Change https://go.dev/cl/384894 mentions this issue: crypto/tls: reject duplicate extensions

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Development

No branches or pull requests

3 participants