sanity check before reading word16 from buffer

2018-06-20 16:48:40 -06:00 · 2018-06-20 16:48:40 -06:00 · bf63003237
commit bf63003237
parent 2f43d5eece
1 changed files with 2 additions and 0 deletions
--- a/src/tls13.c
+++ b/src/tls13.c
@ -2866,6 +2866,8 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #endif
    {
        /* Get extension length and length check. */
+        if ((i - begin) + OPAQUE16_LEN > helloSz)
+            return BUFFER_ERROR;
        ato16(&input[i], &totalExtSz);
        i += OPAQUE16_LEN;
        if ((i - begin) + totalExtSz > helloSz)