From 88c426204b11a05a4e452647c3fed9e736286051 Mon Sep 17 00:00:00 2001
From: liuxueli <liuxueli@iie.ac.cn>
Date: Tue, 26 Oct 2021 15:50:10 +0800
Subject: TSG-8210:
 增加对extension字段的长度进行判断，避免处理异常时出现memcpy越界
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/SSL_Message.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/SSL_Message.c b/src/SSL_Message.c
index 4fcbc5b..b259797 100644
--- a/src/SSL_Message.c
+++ b/src/SSL_Message.c
@@ -306,7 +306,7 @@ UCHAR ssl_analyseHandShake(char *pcSslData,  int iAllMsgLen,  int iSslUnAnalyseL
 				a_ssl_stream->stClientHello->exts[i].len = (unsigned short)BtoL2BytesNum(pcCurSslData);
 				pcCurSslData += sizeof(a_ssl_stream->stClientHello->exts[i].len);
 				iUnAnaHelloLen -= sizeof(a_ssl_stream->stClientHello->exts[i].len);
-				if(iUnAnaHelloLen<0)
+				if(iUnAnaHelloLen<0 || a_ssl_stream->stClientHello->exts[i].len>iUnAnaHelloLen)
 				{
 					return SSL_RETURN_DROPME;
 				}							
-- 
cgit v1.2.3