From 5572db7f3bd1a84cffac54a002c72a1d520e6069 Mon Sep 17 00:00:00 2001 From: aidan garske Date: Thu, 25 Jun 2026 14:26:42 -0700 Subject: [PATCH] F-6302 - Bound ServerHello session ID copy by remaining sniffer input --- src/sniffer.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/sniffer.c b/src/sniffer.c index b2a2bd04ef..bb4895ead3 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -3739,6 +3739,10 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, return WOLFSSL_FATAL_ERROR; } if (b) { + if (ID_LEN > *sslBytes) { + SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); + return WOLFSSL_FATAL_ERROR; + } #ifdef WOLFSSL_TLS13 XMEMCPY(session->sslServer->session->sessionID, input, ID_LEN); session->sslServer->session->sessionIDSz = ID_LEN;