Skip to content

Commit 4e9006a

Browse files
rolandshoemakergopherbot
authored andcommitted
crypto/tls: quote protocols in ALPN error message
Quote the protocols sent by the client when returning the ALPN negotiation error message. Fixes CVE-2025-58189 Fixes golang#75652 Change-Id: Ie7b3a1ed0b6efcc1705b71f0f1e8417126661330 Reviewed-on: https://go-review.googlesource.com/c/go/+/707776 Auto-Submit: Roland Shoemaker <[email protected]> Reviewed-by: Neal Patel <[email protected]> Reviewed-by: Nicholas Husin <[email protected]> Auto-Submit: Nicholas Husin <[email protected]> Reviewed-by: Nicholas Husin <[email protected]> TryBot-Bypass: Roland Shoemaker <[email protected]> Reviewed-by: Daniel McCarney <[email protected]>
1 parent 047c2ab commit 4e9006a

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

src/crypto/tls/handshake_server.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -357,7 +357,7 @@ func negotiateALPN(serverProtos, clientProtos []string, quic bool) (string, erro
357357
if http11fallback {
358358
return "", nil
359359
}
360-
return "", fmt.Errorf("tls: client requested unsupported application protocols (%s)", clientProtos)
360+
return "", fmt.Errorf("tls: client requested unsupported application protocols (%q)", clientProtos)
361361
}
362362

363363
// supportsECDHE returns whether ECDHE key exchanges can be used with this

0 commit comments

Comments
 (0)