Confirm sessIdSz's size in DoTls13ServerHello before it is used.

Thanks to Zou Dikai for the report.
This commit is contained in:
Kareem
2026-04-21 13:44:35 -07:00
parent b5738236d9
commit ec9b2c0e8b
+2 -1
View File
@@ -5371,7 +5371,8 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* Session id */
args->sessIdSz = input[args->idx++];
if ((args->idx - args->begin) + args->sessIdSz > helloSz)
if (args->sessIdSz > ID_LEN || args->sessIdSz > RAN_LEN ||
((args->idx - args->begin) + args->sessIdSz > helloSz))
return BUFFER_ERROR;
args->sessId = input + args->idx;
args->idx += args->sessIdSz;