TSG-8210: 增加对extension字段的长度进行判断，避免处理异常时出现memcpy越界v2.0.5

author: liuxueli <[email protected]> 2021-10-26 15:50:10 +0800
committer: liuxueli <[email protected]> 2021-10-26 15:50:10 +0800
commit: 88c426204b11a05a4e452647c3fed9e736286051 (patch)
tree: c5751da4e76e3a4c4cfb3d703293bc98de848be8 /src
parent: 99e3b104e2027fd49ed47a243f65dca0bb17a65f (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/SSL_Message.c b/src/SSL_Message.c
index 4fcbc5b..b259797 100644
--- a/src/SSL_Message.c
+++ b/src/SSL_Message.c
@@ -306,7 +306,7 @@ UCHAR ssl_analyseHandShake(char *pcSslData,  int iAllMsgLen,  int iSslUnAnalyseL
 				a_ssl_stream->stClientHello->exts[i].len = (unsigned short)BtoL2BytesNum(pcCurSslData);
 				pcCurSslData += sizeof(a_ssl_stream->stClientHello->exts[i].len);
 				iUnAnaHelloLen -= sizeof(a_ssl_stream->stClientHello->exts[i].len);
-				if(iUnAnaHelloLen<0)
+				if(iUnAnaHelloLen<0 || a_ssl_stream->stClientHello->exts[i].len>iUnAnaHelloLen)
 				{
 					return SSL_RETURN_DROPME;
 				}
author	liuxueli <[email protected]>	2021-10-26 15:50:10 +0800
committer	liuxueli <[email protected]>	2021-10-26 15:50:10 +0800
commit	88c426204b11a05a4e452647c3fed9e736286051 (patch)
tree	c5751da4e76e3a4c4cfb3d703293bc98de848be8 /src
parent	99e3b104e2027fd49ed47a243f65dca0bb17a65f (diff)