commit 35a7a4492ddc6082e1b0e71252f35701f8aa848a
author David Benjamin <davidben@chromium.org> Sat Jul 05 00:23:20 2014 -0400
committer Adam Langley <agl@google.com> Tue Jul 08 22:17:59 2014 +0000
tree 52234c29c813b224068d25eec9007209b277b36d
parent 398ba895fba66c3f191add14299b3da2def64af4

Check duplicate extensions before processing.

ClientHello and ServerHello are not allowed to include duplicate extensions.
Add a new helper function to check this and call as appropriate. Remove ad-hoc
per-extension duplicate checks which are no unnecessary.

Add runner.go tests to verify such message correctly rejected.

Change-Id: I7babd5b642dfec941459512869e2dd6de26a831c
Reviewed-on: https://boringssl-review.googlesource.com/1100
Reviewed-by: Adam Langley <agl@google.com>

ssl/test/runner/runner.go

diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index f253f89..96b52fa 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -137,12 +137,34 @@
 	},
 	{
 		testType: serverTest,
-		name: "ServerNameExtension",
+		name:     "ServerNameExtension",
 		config: Config{
 			ServerName: "example.com",
 		},
 		flags: []string{"-expect-server-name", "example.com"},
 	},
+	{
+		testType: clientTest,
+		name:     "DuplicateExtensionClient",
+		config: Config{
+			Bugs: ProtocolBugs{
+				DuplicateExtension: true,
+			},
+		},
+		shouldFail:         true,
+		expectedLocalError: "remote error: error decoding message",
+	},
+	{
+		testType: serverTest,
+		name:     "DuplicateExtensionServer",
+		config: Config{
+			Bugs: ProtocolBugs{
+				DuplicateExtension: true,
+			},
+		},
+		shouldFail:         true,
+		expectedLocalError: "remote error: error decoding message",
+	},
 }
 
 func doExchange(tlsConn *Conn, messageLen int) error {