From dde5ce465c3fb8096ee8ec3107d7677172c46a87 Mon Sep 17 00:00:00 2001
From: Marten Seemann
Date: Sun, 4 Dec 2016 15:34:15 +0700
Subject: [PATCH] enforce presence of version list in SHLO

---
 handshake/crypto_setup_client.go | 10 ++++++++--
 handshake/crypto_setup_client_test.go | 12 ++++++++++--
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/handshake/crypto_setup_client.go b/handshake/crypto_setup_client.go
index 75c591ed..41bdb3ab 100644
--- a/handshake/crypto_setup_client.go
+++ b/handshake/crypto_setup_client.go
@@ -181,14 +181,20 @@ func (h *cryptoSetupClient) handleSHLOMessage(cryptoData map[Tag][]byte) error { return qerr.Error(qerr.CryptoEncryptionLevelIncorrect, "unencrypted SHLO message") } + if sno, ok := cryptoData[TagSNO]; ok { + h.sno = sno + } + serverPubs, ok := cryptoData[TagPUBS] if !ok { return qerr.Error(qerr.CryptoMessageParameterNotFound, "PUBS") } - if sno, ok := cryptoData[TagSNO]; ok { - h.sno = sno + _, ok = cryptoData[TagVER] + if !ok { + return qerr.Error(qerr.InvalidCryptoMessageParameter, "server hello missing version list") } + // TODO: verify versions nonce := append(h.nonc, h.sno...)
diff --git a/handshake/crypto_setup_client_test.go b/handshake/crypto_setup_client_test.go
index ab1773ed..d269952a 100644
--- a/handshake/crypto_setup_client_test.go
+++ b/handshake/crypto_setup_client_test.go
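Review bot: In the `handshake/crypto_setup_client.go` hunk, the new `TagVER` check in `handleSHLOMessage` only tests that the tag exists and discards its value (`_, ok = cryptoData[TagVER]`), so an empty or truncated list is accepted. The comparison left as `// TODO: verify versions` is the step that would detect a tampered version negotiation, so until it is implemented this check gives no downgrade protection; the comment should say so, e.g. `// TODO: compare against the versions seen during version negotiation; downgrade is not detected until then`. As an interim guard, keep the value with `verTag, ok := cryptoData[TagVER]` and, after the existing `!ok` return, reject malformed input with `if len(verTag) == 0 || len(verTag)%4 != 0 { return qerr.Error(qerr.InvalidCryptoMessageParameter, "incorrect version list") }`, assuming version tags are 4 bytes each. Separately, `h.sno` is now assigned before the PUBS and VER checks, so a rejected SHLO still overwrites the stored server nonce; confirm the caller aborts the handshake on any error returned here. The function starts and ends outside the hunk.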
@@ -334,8 +334,10 @@ var _ = Describe("Crypto setup", func() { var tagMap map[Tag][]byte BeforeEach(func() { - tagMap = make(map[Tag][]byte) - tagMap[TagPUBS] = []byte{0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f} + tagMap = map[Tag][]byte{ + TagPUBS: []byte{0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}, + TagVER: protocol.SupportedVersionsAsTags, + } kex, err := crypto.NewCurve25519KEX() Expect(err).ToNot(HaveOccurred()) serverConfig := &serverConfigClient{
@@ -357,6 +359,12 @@ var _ = Describe("Crypto setup", func() { Expect(err).To(MatchError(qerr.Error(qerr.CryptoMessageParameterNotFound, "PUBS"))) }) + It("rejects SHLOs without a version list", func() { + delete(tagMap, TagVER) + err := cs.handleSHLOMessage(tagMap) + Expect(err).To(MatchError(qerr.Error(qerr.InvalidCryptoMessageParameter, "server hello missing version list"))) + }) + It("reads the server nonce, if set", func() { tagMap[TagSNO] = []byte("server nonce") err := cs.handleSHLOMessage(tagMap)
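Review bot: The added spec `rejects SHLOs without a version list` exercises only the absent-tag path, so nothing pins how `handleSHLOMessage` treats a `TagVER` that is present but unusable. As far as this patch shows, the handler never inspects the value, so a fixture such as `tagMap[TagVER] = []byte{}` would be accepted. A companion case that sets an empty or odd-length value and expects an error would make that gap visible and fail until the version-list validation lands. A short comment above the fixture, e.g. `// TagVER is set to a well-formed list; the handler currently checks presence only`, would keep readers from assuming the contents are verified. The enclosing `Describe` block starts and ends outside the hunk.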