dtls: better sanitize incoming messages in stateless handling

2025-08-04 21:24:43 +02:00 · 2025-01-30 18:02:34 +01:00
parent e4b7a53191
commit 3cd64581eb
1 changed files with 3 additions and 2 deletions
--- a/src/dtls.c
+++ b/src/dtls.c
@@ -365,7 +365,8 @@ static int FindExtByType(WolfSSL_ConstVector* ret, word16 extType,
        ato16(exts.elements + idx, &type);
        idx += OPAQUE16_LEN;
        idx += ReadVector16(exts.elements + idx, &ext);
-        if (idx > exts.size)
+        if (idx > exts.size ||
+                ext.elements + ext.size > exts.elements + exts.size)
            return BUFFER_ERROR;
        if (type == extType) {
            XMEMCPY(ret, &ext, sizeof(ext));
@@ -498,7 +499,7 @@ static int TlsCheckSupportedVersion(const WOLFSSL* ssl,
                         ch->extension, &tlsxFound);
    if (ret != 0)
        return ret;
-    if (!tlsxFound) {
+    if (!tlsxFound || tlsxSupportedVersions.elements == NULL) {
        *isTls13 = 0;
        return 0;
    }