sanity check on buffer size before copy

2025-07-31 19:24:42 +02:00 · 2019-05-06 15:36:58 -06:00
parent 683646e452
commit b1442633dd
1 changed files with 5 additions and 0 deletions
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -3896,6 +3896,11 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
    if (sessIdSz != ID_LEN && sessIdSz != 0)
        return INVALID_PARAMETER;
 #endif
+
+    if (sessIdSz + i > helloSz) {
+        return BUFFER_ERROR;
+    }
+
    ssl->session.sessionIDSz = sessIdSz;
    if (sessIdSz == ID_LEN) {
        XMEMCPY(ssl->session.sessionID, input + i, sessIdSz);