sanity check on length before ato16 with SRTP

2023-10-28 16:13:45 -06:00 · 2023-10-28 16:13:45 -06:00 · 07c8c5c8ca
commit 07c8c5c8ca
parent a05f4f4dd9
1 changed files with 6 additions and 0 deletions
--- a/src/tls.c
+++ b/src/tls.c
@ -5685,6 +5685,12 @@ static int TLSX_UseSRTP_Parse(WOLFSSL* ssl, const byte* input, word16 length,
        /* parse remainder one profile at a time, looking for match in CTX */
        ret = 0;
        for (i=offset; i<length; i+=OPAQUE16_LEN) {
+            if (length < (i + OPAQUE16_LEN)) {
+                WOLFSSL_MSG("Unexpected length when parsing SRTP profile");
+                ret = BUFFER_ERROR;
+                break;
+            }
+
            ato16(input+i, &profile_value);
            /* find first match */
            if (profile_value < 16 &&