From e4b7a5319163ebaa6d1b106d11b0d017365f753f Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Thu, 30 Jan 2025 18:01:51 +0100 Subject: [PATCH] api: make sure len doesn't overrun the input buffer --- tests/api.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/api.c b/tests/api.c index 1d63ae409..42122e34e 100644 --- a/tests/api.c +++ b/tests/api.c @@ -99175,6 +99175,8 @@ static int test_dtls_frag_ch_count_records(byte* b, int len) records++; dtlsRH = (DtlsRecordLayerHeader*)b; recordLen = (dtlsRH->length[0] << 8) | dtlsRH->length[1]; + if (recordLen > (size_t)len) + break; b += sizeof(DtlsRecordLayerHeader) + recordLen; len -= sizeof(DtlsRecordLayerHeader) + recordLen; }