diff options
author | June McEnroe <june@causal.agency> | 2020-11-12 14:03:47 -0500 |
---|---|---|
committer | June McEnroe <june@causal.agency> | 2020-11-12 14:03:47 -0500 |
commit | fdb9c54455ed4d1c456dd42cbfca44638b8ab6c7 (patch) | |
tree | 29ffcb2669320310ebf6c7174d09de64ae5509e5 | |
parent | Report paths in unveil errors (diff) | |
download | pounce-fdb9c54455ed4d1c456dd42cbfca44638b8ab6c7.tar.gz pounce-fdb9c54455ed4d1c456dd42cbfca44638b8ab6c7.zip |
Check bounds of ClientHello extensions length
Diffstat (limited to '')
-rw-r--r-- | dispatch.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/dispatch.c b/dispatch.c index c0964e4..624dd40 100644 --- a/dispatch.c +++ b/dispatch.c @@ -121,7 +121,9 @@ static char *serverName(void) { skip(uint8()); skip(uint16()); skip(uint8()); - peek.len = uint16(); + uint16_t len = uint16(); + if (len > peek.len) return NULL; + peek.len = len; while (peek.len) { // Extension uint16_t type = uint16(); |