don't allow tail garbage in client hello

haskell-tls · Dec 20, 2024 · 7bc78fb · 7bc78fb
1 parent fb92f84
commit 7bc78fb
Showing 1 changed file with 3 additions and 4 deletions.
diff --git a/tls/Network/TLS/Packet.hs b/tls/Network/TLS/Packet.hs
@@ -172,10 +172,9 @@ decodeClientHello = do
     exts <-
         if r > 0
             then fromIntegral <$> getWord16 >>= getExtensions
-            else do
-                rest <- remaining
-                _ <- getBytes rest
-                return []
+            else return []
+    r1 <- remaining
+    when (r1 /= 0) $ fail "Client hello"
     let ch = CH session ciphers exts
     return $ ClientHello ver random compressions ch