Ensure the length computed by CheckHeaders in the SSL sniffer does not exceed the actual size of the packets.

Thanks to Haruto Kimura (Stella) for the report.
Kareem
2026-03-10 16:02:59 -07:00
parent 156db7dd2d
commit 19b99f8072
+6
@@ -5520,6 +5520,12 @@ static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet,
* data after the IP record for the FCS for Ethernet. */
*sslBytes = (int)(packet + ipInfo->total - *sslFrame);
/* Ensure sslBytes does not exceed the actual size. */
if (*sslBytes > (int)(length - (*sslFrame - packet))) {
SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
return WOLFSSL_FATAL_ERROR;
}
(void)checkReg;
return 0;
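Review bot: The new guard after the `*sslBytes` assignment bounds the value only from above, so a negative `*sslBytes` still reaches `return 0`. `*sslBytes` is derived from `ipInfo->total`, which presumably comes from the IP header of the sniffed packet; if that total is smaller than the offset `*sslFrame - packet`, the subtraction goes negative and the `>` comparison is false. Unless validation earlier in CheckHeaders (its body starts outside this hunk) already guarantees that `ipInfo->total` covers the headers, consider `if (*sslBytes < 0 || *sslBytes > (int)(length - (*sslFrame - packet))) {`. A short comment saying what `length` counts (presumably the captured bytes) and a sniffer regression test whose IP total length exceeds the captured frame would help keep this check from regressing.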