Closed Bug 1804688 Opened 3 years ago Closed 2 years ago

TLS Client ALPN extension ProtocolName entry incorrect length field size and missing length checks

Categories

(NSS :: Libraries, defect, P1)

3.86

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: leander.schwarz, Assigned: djackson)

Attachments

(1 file)

As specified in RFC7301, Section 3, the ALPN extension's ProtocolNameList entries are of the format:

opaque ProtocolName<1..2^8-1>;

Each entry is preceded by a 1-byte length field, following the RFC8466, Section 3.4 vector definition.

The current implementation erroneously adds a 2 byte length field for each entry and does not check that the length requirements are met.
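
The wire format described above, as an added example that is not NSS code and not part of the original report. It assumes the RFC 7301, Section 3 layout (`ProtocolName protocol_name_list<2..2^16-1>`: a 2-byte list length, then entries with a 1-byte length each); the function names `alpn_encode` and `alpn_validate` are hypothetical and the protocol names in `main` are constructed sample input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not NSS code; function names are hypothetical.
 * Encode names as a ProtocolNameList: uint16 list length, then each
 * name as uint8 length + bytes. Returns bytes written, 0 on error. */
size_t alpn_encode(const char *const *names, size_t count,
                   uint8_t *out, size_t cap)
{
    size_t off = 2;                            /* reserve the list length */
    if (cap < 2) return 0;
    for (size_t i = 0; i < count; i++) {
        size_t n = strlen(names[i]);
        if (n < 1 || n > 255) return 0;        /* ProtocolName<1..2^8-1> */
        if (n + 1 > cap - off) return 0;       /* output buffer bound */
        out[off++] = (uint8_t)n;               /* 1-byte entry length */
        memcpy(out + off, names[i], n);
        off += n;
    }
    size_t body = off - 2;
    if (body < 2 || body > 0xFFFF) return 0;   /* list<2..2^16-1> */
    out[0] = (uint8_t)(body >> 8);
    out[1] = (uint8_t)(body & 0xFF);
    return off;
}

/* Validate an encoded list. Returns entry count, -1 if malformed. */
int alpn_validate(const uint8_t *buf, size_t len)
{
    if (len < 2) return -1;
    size_t body = ((size_t)buf[0] << 8) | buf[1];
    if (body < 2 || body != len - 2) return -1; /* must fill buffer exactly */
    size_t off = 2;
    int entries = 0;
    while (off < len) {
        size_t n = buf[off++];
        if (n == 0 || n > len - off) return -1; /* empty or truncated entry */
        off += n;
        entries++;
    }
    return entries;
}

int main(void)
{
    const char *names[] = { "h2", "http/1.1" }; /* constructed sample */
    uint8_t out[64];
    size_t n = alpn_encode(names, 2, out, sizeof out);
    printf("%zu bytes, %d entries\n", n, alpn_validate(out, n));
    return 0;
}
```

A peer that validates this way rejects an entry written with a 2-byte length prefix whenever the name is shorter than 256 bytes, because the leading zero byte is read as an empty ProtocolName.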

A long-standing comment suggested the length field should be 1 byte, but the
code was adding a two-byte length. Inspection showed that the length field
should indeed be two bytes. This patch corrects the comment and adjusts
the length calculation for the ALPN GREASE value. Tests are included in the
child patch of this revision.

Depends on D161806

Assignee: nobody → djackson
Priority: -- → P1
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED