Guard ProcessKeyShare against truncated key shares

Add bounds check before reading named_group so malformed TLS 1.3 key share data cannot read past the supplied buffer.

Author: LinuxJedi

src/sniffer.c

@@ -3285,6 +3285,9 @@ static int ProcessKeyShare(KeyShareInfo* info, const byte* input, int len,
         XMEMSET(info, 0, sizeof(KeyShareInfo));
 
         /* Named group and public key */
+        if (idx + OPAQUE16_LEN > len) {
+            return WOLFSSL_FATAL_ERROR;
+        }
         info->named_group = (word16)((input[idx] << 8) | input[idx+1]);
         idx += OPAQUE16_LEN;
         info->key_len = 0;