From eb59597fed2e15c76493ac6eaffdcaf0372eeaf0 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Fri, 7 Nov 2014 17:11:38 -0800
Subject: [PATCH] fix bug in sniffer when using old client hellos where large
 hello message may be ignored

---
 src/sniffer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/sniffer.c b/src/sniffer.c
index d67156f81..e1695182d 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -2536,7 +2536,7 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
 
     if ((*session)->flags.clientHello == 0 && **sslFrame != handshake) {
         /* Sanity check the packet for an old style client hello. */
-        int rhSize = ((*sslFrame)[0] & 0x7f) | ((*sslFrame)[1]);
+        int rhSize = (((*sslFrame)[0] & 0x7f) << 8) | ((*sslFrame)[1]);
 
         if ((rhSize <= (*sslBytes - 2)) &&
             (*sslFrame)[2] == OLD_HELLO_ID && (*sslFrame)[3] == SSLv3_MAJOR) {