Merge pull request #2426 from JacobBarthelmeh/Fuzzer

sanity check on buffer size before reading short
2025-07-30 10:47:28 +02:00 · 2019-08-23 10:17:31 -07:00
parent 0e6bb4717e 65aeb71d6c
commit 54fb08d6df
1 changed files with 2 additions and 0 deletions
--- a/src/tls.c
+++ b/src/tls.c
@ -8024,6 +8024,8 @@ static int TLSX_PreSharedKey_Parse(WOLFSSL* ssl, byte* input, word16 length,
        list = (PreSharedKey*)extension->data;

        /* Length of binders. */
+        if (idx + OPAQUE16_LEN > length)
+            return BUFFER_E;
        ato16(input + idx, &len);
        idx += OPAQUE16_LEN;
        if (len < MIN_PSK_BINDERS_LEN || length - idx < len)