mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 20:30:48 +02:00
Fix ECH error code: use BUFFER_ERROR for malformed peer input
Change innerClientHelloLen underflow guard in TLSX_ECH_Parse from BAD_FUNC_ARG to BUFFER_ERROR to match the convention used throughout tls.c for wire-protocol length/bounds validation.
This commit is contained in:
@@ -13606,7 +13606,7 @@ static int TLSX_ECH_Parse(WOLFSSL* ssl, const byte* readBuf, word16 size,
|
||||
/* read hello inner len */
|
||||
ato16(readBuf_p, &ech->innerClientHelloLen);
|
||||
if (ech->innerClientHelloLen < WC_AES_BLOCK_SIZE) {
|
||||
return BAD_FUNC_ARG;
|
||||
return BUFFER_ERROR;
|
||||
}
|
||||
ech->innerClientHelloLen -= WC_AES_BLOCK_SIZE;
|
||||
readBuf_p += 2;
|
||||
|
||||
Reference in New Issue
Block a user