From 9e5bba793733cbb5c52c2192d68c6acb93731894 Mon Sep 17 00:00:00 2001
From: Lucas Clemente <lucas@clemente.io>
Date: Sat, 17 Sep 2016 16:49:58 +0200
Subject: [PATCH] fix inchoate CHLO detection with missing STKs

This fixes a STK-bypass security issue discovered by Alessandro Ghedini.
---
 handshake/crypto_setup.go      |  2 +-
 handshake/crypto_setup_test.go | 12 ++++++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/handshake/crypto_setup.go b/handshake/crypto_setup.go
index 91b33a8d..56e97645 100644
--- a/handshake/crypto_setup.go
+++ b/handshake/crypto_setup.go
@@ -178,7 +178,7 @@ func (h *CryptoSetup) isInchoateCHLO(cryptoData map[Tag][]byte) bool {
 	}
 	if err := h.scfg.stkSource.VerifyToken(h.ip, cryptoData[TagSTK]); err != nil {
 		utils.Infof("STK invalid: %s", err.Error())
-		return false
+		return true
 	}
 	return false
 }
diff --git a/handshake/crypto_setup_test.go b/handshake/crypto_setup_test.go
index 6e982f52..7563aa03 100644
--- a/handshake/crypto_setup_test.go
+++ b/handshake/crypto_setup_test.go
@@ -278,17 +278,25 @@ var _ = Describe("Crypto setup", func() {
 		})
 
 		It("recognizes inchoate CHLOs missing SCID", func() {
-			Expect(cs.isInchoateCHLO(map[Tag][]byte{TagPUBS: nil})).To(BeTrue())
+			Expect(cs.isInchoateCHLO(map[Tag][]byte{TagPUBS: nil, TagSTK: validSTK})).To(BeTrue())
 		})
 
 		It("recognizes inchoate CHLOs missing PUBS", func() {
-			Expect(cs.isInchoateCHLO(map[Tag][]byte{TagSCID: scfg.ID})).To(BeTrue())
+			Expect(cs.isInchoateCHLO(map[Tag][]byte{TagSCID: scfg.ID, TagSTK: validSTK})).To(BeTrue())
+		})
+
+		It("recognizes inchoate CHLOs with invalid tokens", func() {
+			Expect(cs.isInchoateCHLO(map[Tag][]byte{
+				TagSCID: scfg.ID,
+				TagPUBS: nil,
+			})).To(BeTrue())
 		})
 
 		It("recognizes proper CHLOs", func() {
 			Expect(cs.isInchoateCHLO(map[Tag][]byte{
 				TagSCID: scfg.ID,
 				TagPUBS: nil,
+				TagSTK:  validSTK,
 			})).To(BeFalse())
 		})