Fix potential underflow in sniffer

This commit is contained in:
Tobias Frauenschläger
2026-03-09 13:37:02 +01:00
parent b3f08f33b8
commit 7ed66dd1c3
+5 -1
View File
@@ -5074,7 +5074,7 @@ static const byte* DecryptMessage(WOLFSSL* ssl, const byte* input, word32 sz,
#ifdef WOLFSSL_TLS13
if (IsAtLeastTLSv1_3(ssl->version)) {
if (sz < ssl->specs.aead_mac_size) {
if (sz <= ssl->specs.aead_mac_size) {
*error = BUFFER_ERROR;
return NULL;
}
@@ -5131,6 +5131,10 @@ static const byte* DecryptMessage(WOLFSSL* ssl, const byte* input, word32 sz,
#ifdef WOLFSSL_TLS13
if (IsAtLeastTLSv1_3(ssl->version)) {
word16 i = (word16)(sz - ssl->keys.padSz);
if (i == 0) {
*error = BUFFER_ERROR;
return NULL;
}
/* Remove padding from end of plain text. */
for (--i; i > 0; i--) {
if (output[i] != 0)