sanity check on buffer size

2025-07-29 18:27:29 +02:00 · 2019-05-08 09:33:35 -06:00
parent ff5bf7aea1
commit 94d9ce1dfa
1 changed files with 5 additions and 0 deletions
--- a/src/tls.c
+++ b/src/tls.c
@ -10133,6 +10133,11 @@ int TLSX_ParseVersion(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
        word16 type;
        word16 size;

+        if (offset + (2 * OPAQUE16_LEN) > length) {
+            ret = BUFFER_ERROR;
+            break;
+        }
+
        ato16(input + offset, &type);
        offset += HELLO_EXT_TYPE_SZ;