wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 10:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix for possible use of invalid *sslFrame and calculated headerSz in partial case with WOLFSSL_SNIFFER_CHAIN_INPUT.

Browse Source
This commit is contained in:
David Garske
2021-04-15 09:01:11 -07:00
parent d34161e482
commit 64c7830c93
1 changed files with 35 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/sniffer.c
View File

@ -4883,10 +4883,9 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
*sslFrame = ssl->buffers.inputBuffer.buffer;
*end = *sslFrame + *sslBytes;
}
}
if (vChain != NULL) {
#ifdef WOLFSSL_SNIFFER_CHAIN_INPUT
#ifdef WOLFSSL_SNIFFER_CHAIN_INPUT
struct iovec* chain = (struct iovec*)vChain;
word32 i, offset, headerSz, qty, remainder;
@ -4921,9 +4920,10 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
ssl->buffers.inputBuffer.length = *sslBytes;
*sslFrame = ssl->buffers.inputBuffer.buffer;
*end = *sslFrame + *sslBytes;
#endif
#endif
(void)chainSz;
}
}
if ((*session)->flags.clientHello == 0 && **sslFrame != handshake) {
/* Sanity check the packet for an old style client hello. */