Stowage/go
2
0
Fork 0
mirror of https://github.com/golang/go.git synced 2025-12-08 06:10:04 +00:00
Code Issues Projects Releases Packages Wiki Activity

crypto/tls: quote protocols in ALPN error message

Browse source 
Quote the protocols sent by the client when returning the ALPN
negotiation error message.

Fixes CVE-2025-58189
Fixes #75652

Change-Id: Ie7b3a1ed0b6efcc1705b71f0f1e8417126661330
Reviewed-on: https://go-review.googlesource.com/c/go/+/707776
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Neal Patel <nealpatel@google.com>
Reviewed-by: Nicholas Husin <nsh@golang.org>
Auto-Submit: Nicholas Husin <nsh@golang.org>
Reviewed-by: Nicholas Husin <husin@google.com>
TryBot-Bypass: Roland Shoemaker <roland@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
This commit is contained in:
Roland Shoemaker 2025-09-29 10:11:56 -07:00 committed by Gopher Robot
parent 047c2ab841
commit 4e9006a716
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/crypto/tls/handshake_server.go
View file

@ -357,7 +357,7 @@ func negotiateALPN(serverProtos, clientProtos []string, quic bool) (string, erro
if http11fallback { if http11fallback {
return "", nil return "", nil
} }
return "", fmt.Errorf("tls: client requested unsupported application protocols (%s)", clientProtos) return "", fmt.Errorf("tls: client requested unsupported application protocols (%q)", clientProtos)
} }
// supportsECDHE returns whether ECDHE key exchanges can be used with this // supportsECDHE returns whether ECDHE key exchanges can be used with this