add extra handshake message checks
parent
43900e63a4
commit
7af54c28e1
12
server.go
12
server.go
|
@ -80,7 +80,11 @@ func peek(conn net.Conn, tlsConfig *tls.Config) {
|
|||
}
|
||||
// Extract handshake message length.
|
||||
handshakeMessageLength := binary.BigEndian.Uint16(buf.Bytes()[3:5])
|
||||
// Copy handshake message (should be a Client Hello).
|
||||
if handshakeMessageLength == 0 {
|
||||
log.Println("Zero-length handshake message")
|
||||
return
|
||||
}
|
||||
// Copy handshake message.
|
||||
_, err = io.CopyN(&buf, conn, int64(handshakeMessageLength))
|
||||
if err != nil {
|
||||
log.Println(err)
|
||||
|
@ -88,6 +92,12 @@ func peek(conn net.Conn, tlsConfig *tls.Config) {
|
|||
}
|
||||
rawClientHello := buf.Bytes()
|
||||
|
||||
// Check if this really is a Client Hello message.
|
||||
if rawClientHello[5] != 1 {
|
||||
log.Println("HandshakeType is not client_hello")
|
||||
return
|
||||
}
|
||||
|
||||
// "Put back" the Client Hello bytes we just read, so that they can be
|
||||
// used in the TLS handshake. Concatenate the read bytes with the
|
||||
// unread bytes using a MultiReader, inside a connection wrapper.
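Review bot: The length read from `buf.Bytes()[3:5]` in the first hunk is rejected only when it is zero, so a peer can still announce up to 65535 bytes and have `io.CopyN` buffer all of it before the `rawClientHello[5]` type check in the second hunk runs. TLS caps a plaintext record at 2^14 bytes, so the guard could read `if handshakeMessageLength == 0 || handshakeMessageLength > 16384 {`. Bytes 3..5 look like the record-layer length rather than the handshake message length, so a name such as `recordLength` would describe the value better; this assumes buf holds the 5-byte record header at this point, which is set up outside the hunk. Whether peek checks the content-type byte or sets a read deadline before the `CopyN` is not visible here, since the function starts and ends outside both hunks.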
|
||||
|
|