Merge pull request #2231 from JacobBarthelmeh/Fuzzer

sanity check on buffer size
2025-08-01 03:34:39 +02:00 · 2019-05-10 16:46:38 -07:00
parent e43e03c30a 94d9ce1dfa
commit dbeb5d702f
1 changed files with 5 additions and 0 deletions
--- a/src/tls.c
+++ b/src/tls.c
@@ -10136,6 +10136,11 @@ int TLSX_ParseVersion(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
        word16 type;
        word16 size;

+        if (offset + (2 * OPAQUE16_LEN) > length) {
+            ret = BUFFER_ERROR;
+            break;
+        }
+
        ato16(input + offset, &type);
        offset += HELLO_EXT_TYPE_SZ;