From daf99ae645030153916ef8455ca0fdf6edb807fa Mon Sep 17 00:00:00 2001 From: aidan garske Date: Thu, 25 Jun 2026 14:59:21 -0700 Subject: [PATCH] F-5728 - Widen ServerHello extension length check to avoid word16 truncation --- src/sniffer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sniffer.c b/src/sniffer.c index 26dc257977..149e5e2169 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -3913,7 +3913,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, } /* switch (extType) */ /* make sure the extension fits in the remaining declared length */ - if ((word16)(extLen + EXT_TYPE_SZ + LENGTH_SZ) > len) { + if ((word32)extLen + EXT_TYPE_SZ + LENGTH_SZ > len) { SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); return WOLFSSL_FATAL_ERROR;