fix inchoate CHLO detection with missing STKs

This fixes a STK-bypass security issue discovered by Alessandro Ghedini.
Lucas Clemente
2016-09-17 16:49:58 +02:00
parent 638f6ae5e5
commit 9e5bba7937
2 changed files with 11 additions and 3 deletions


@@ -178,7 +178,7 @@ func (h *CryptoSetup) isInchoateCHLO(cryptoData map[Tag][]byte) bool {
}
if err := h.scfg.stkSource.VerifyToken(h.ip, cryptoData[TagSTK]); err != nil {
utils.Infof("STK invalid: %s", err.Error())
return false
return true
}
return false
}
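Review bot: The fail-closed outcome for a client hello that carries no STK tag still depends on `VerifyToken` returning an error when it is handed the nil slice from `cryptoData[TagSTK]`; nothing visible in this hunk checks that the tag is present. Assuming `return true` is the new-side line in the error branch, an explicit guard before the call, `stk, ok := cryptoData[TagSTK]` followed by `if !ok || len(stk) == 0 { return true }`, would keep the missing-token case correct even if the token source's handling of empty input changes. A comment on the error branch such as `// invalid or missing STK: treat the CHLO as inchoate so the client must present a fresh token` would record why this branch returns true. The body of isInchoateCHLO starts above the hunk, so any earlier presence check is not visible here.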