From 27f6517fd3d281589dd3ac58d3d2cc2f360bd82a Mon Sep 17 00:00:00 2001
From: liuxueli <liuxueli@iie.ac.cn>
Date: Wed, 10 Nov 2021 19:34:24 +0300
Subject: TSG-8210: 增加对server hello
 extension字段的长度进行判断，避免处理异常时出现memcpy越界
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/SSL_Message.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/SSL_Message.c b/src/SSL_Message.c
index b259797..c4942f8 100644
--- a/src/SSL_Message.c
+++ b/src/SSL_Message.c
@@ -478,7 +478,7 @@ UCHAR ssl_analyseHandShake(char *pcSslData,  int iAllMsgLen,  int iSslUnAnalyseL
 				a_ssl_stream->stServerHello->exts[i].len = (unsigned short)BtoL2BytesNum(pcCurSslData);
 				pcCurSslData += sizeof(a_ssl_stream->stServerHello->exts[i].len);
 				iUnAnaHelloLen -= sizeof(a_ssl_stream->stServerHello->exts[i].len);
-				if(iUnAnaHelloLen<0)
+				if(iUnAnaHelloLen<0 || a_ssl_stream->stServerHello->exts[i].len>iUnAnaHelloLen)
 				{
 					return SSL_RETURN_DROPME;
 				}
-- 
cgit v1.2.3