From e184b15a6639f28e47d4a43d59136726d686b3b1 Mon Sep 17 00:00:00 2001
From: Jacob Young
Date: Fri, 1 Nov 2024 00:11:44 -0400
Subject: [PATCH] std.crypto.tls: fix fetching https://nginx.org

Note that the removed `error.TlsIllegalParameter` case is still caught below when it is compared to a fixed-length string, but after checking the proper protocol version requirement first.
---
 lib/std/crypto/tls/Client.zig | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/std/crypto/tls/Client.zig b/lib/std/crypto/tls/Client.zig
index c69c6ee936..c220c890f8 100644
--- a/lib/std/crypto/tls/Client.zig
+++ b/lib/std/crypto/tls/Client.zig
@@ -257,7 +257,7 @@ pub fn init(stream: anytype, ca_bundle: Certificate.Bundle, host: []const u8) In
 if (handshake_type != .server_hello) return error.TlsUnexpectedMessage;
 const length = ptd.decode(u24);
 var hsd = try ptd.sub(length);
- try hsd.ensure(2 + 32 + 1 + 32 + 2 + 1);
+ try hsd.ensure(2 + 32 + 1);
 const legacy_version = hsd.decode(u16);
 @memcpy(&server_hello_rand, hsd.array(32));
 if (mem.eql(u8, &server_hello_rand, &tls.hello_retry_request_sequence)) {
@@ -266,8 +266,8 @@ pub fn init(stream: anytype, ca_bundle: Certificate.Bundle, host: []const u8) In
 return error.TlsUnexpectedMessage;
 }
 const legacy_session_id_echo_len = hsd.decode(u8);
- if (legacy_session_id_echo_len != 32) return error.TlsIllegalParameter;
- const legacy_session_id_echo = hsd.array(32);
+ try hsd.ensure(legacy_session_id_echo_len + 2 + 1);
+ const legacy_session_id_echo = hsd.slice(legacy_session_id_echo_len);
 cipher_suite_tag = hsd.decode(tls.CipherSuite);
 hsd.skip(1); // legacy_compression_method
 var supported_version: ?u16 = null;
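Review bot: In the second hunk, `legacy_session_id_echo_len + 2 + 1` appears to be computed in `u8` (the type `hsd.decode(u8)` presumably returns), so a server-supplied length of 253 or more overflows before `ensure` is called. That is a panic in safe builds and undefined behaviour in ReleaseFast, where the following `hsd.slice(legacy_session_id_echo_len)` would no longer be covered by the bounds check. The session id in a ServerHello is at most 32 bytes in both TLS 1.2 and TLS 1.3, so an upper bound placed before the ensure removes the overflow and rejects oversized values while still accepting short ones: `if (legacy_session_id_echo_len > 32) return error.TlsIllegalParameter;`. If the bound is not wanted here, widening the operand has the same effect on the arithmetic: `try hsd.ensure(@as(usize, legacy_session_id_echo_len) + 2 + 1);`. The body of `init` continues outside both hunks, so the later fixed-length comparison mentioned in the commit message is not visible from here.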