From 89bf094a5d6eec9c3e3a085524d83c896b3eab79 Mon Sep 17 00:00:00 2001 From: aidan garske Date: Thu, 25 Jun 2026 14:59:21 -0700 Subject: [PATCH] F-4809 - Widen ClientHello extension length check to avoid word16 truncation --- src/sniffer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sniffer.c b/src/sniffer.c index 149e5e2169..7f0c432255 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -4393,7 +4393,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes, } /* make sure the extension fits in the remaining declared length */ - if ((word16)(extLen + EXT_TYPE_SZ + LENGTH_SZ) > len) { + if ((word32)extLen + EXT_TYPE_SZ + LENGTH_SZ > len) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); return WOLFSSL_FATAL_ERROR; }