Files
wolfssl/tests
Andrew Hutchings af329b38a8 Fix heap buffer over-read in wolfSSL_select_next_proto
Add missing bounds validation in wolfSSL_select_next_proto. Three
issues fixed:

1. Outer loop: no check that length byte + position stays within inLen,
   allowing XMEMCMP to read past the server protocol list buffer.

2. Inner loop: same missing check for clientNames/clientLen boundary.

3. No-overlap fallback unconditionally dereferences clientNames[0] even
   when clientLen is 0, and returns an outLen that may exceed the buffer.

Also reject zero-length protocol entries (invalid per RFC 7301) to
prevent infinite loops.

Add unit test test_wolfSSL_select_next_proto with 8 cases covering NULL
params, normal match, no overlap, malformed length overruns, zero-length
entries, and empty client lists.
2026-02-23 16:52:52 +00:00
..
2020-12-17 14:26:49 +01:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2022-01-31 15:29:25 -05:00
2022-01-31 15:29:25 -05:00
2024-01-16 15:18:05 -08:00
2026-01-28 07:37:29 +10:00
2020-07-20 15:03:48 -07:00
2022-01-31 15:29:25 -05:00
2022-06-01 10:36:01 +10:00
2022-02-23 09:47:34 +01:00
2024-01-16 15:18:05 -08:00
2020-12-17 14:26:49 +01:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00

Before creating any new configure files (.conf) read the CONF_FILES_README.md