Send decode_error alert rather than illegal_parameter when receiving an empty/malformed keyshare extension. Fixes #9640.

This commit is contained in:
Kareem
2026-02-04 15:40:30 -07:00
parent 4bb4648282
commit 1e770e1a0f
+1 -1
View File
@@ -9894,7 +9894,7 @@ static int TLSX_KeyShareEntry_Parse(const WOLFSSL* ssl, const byte* input,
ato16(&input[offset], &keLen);
offset += OPAQUE16_LEN;
if (keLen == 0)
return INVALID_PARAMETER;
return BUFFER_ERROR;
if (keLen > length - offset)
return BUFFER_ERROR;