@@ -4243,15 +4243,15 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
42434243 const byte * identity , * binders ;
42444244
42454245 idsLen = (word16 )((input [idx ] << 8 ) | input [idx + 1 ]);
4246- if (idsLen + OPAQUE16_LEN + idx > extLen ) {
4246+ if (( word32 ) idsLen + OPAQUE16_LEN + idx > ( word32 ) extLen ) {
42474247 SetError (CLIENT_HELLO_INPUT_STR , error , session , FATAL_ERROR_STATE );
42484248 return WOLFSSL_FATAL_ERROR ;
42494249 }
42504250 idx += OPAQUE16_LEN ;
42514251
42524252 /* PSK identity */
42534253 idLen = (word16 )((input [idx ] << 8 ) | input [idx + 1 ]);
4254- if (idLen + OPAQUE16_LEN + idx > extLen ) {
4254+ if (( word32 ) idLen + OPAQUE16_LEN + idx > ( word32 ) extLen ) {
42554255 SetError (CLIENT_HELLO_INPUT_STR , error , session , FATAL_ERROR_STATE );
42564256 return WOLFSSL_FATAL_ERROR ;
42574257 }
@@ -4260,14 +4260,22 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
42604260 idx += idLen ;
42614261
42624262 /* Obfuscated Ticket Age 32-bits */
4263+ if ((word32 )idx + OPAQUE32_LEN > (word32 )extLen ) {
4264+ SetError (CLIENT_HELLO_INPUT_STR , error , session , FATAL_ERROR_STATE );
4265+ return WOLFSSL_FATAL_ERROR ;
4266+ }
42634267 ticketAge = (word32 )((input [idx ] << 24 ) | (input [idx + 1 ] << 16 ) |
42644268 (input [idx + 2 ] << 8 ) | input [idx + 3 ]);
42654269 (void )ticketAge ; /* not used */
42664270 idx += OPAQUE32_LEN ;
42674271
42684272 /* binders - all binders */
4273+ if ((word32 )idx + OPAQUE16_LEN > (word32 )extLen ) {
4274+ SetError (CLIENT_HELLO_INPUT_STR , error , session , FATAL_ERROR_STATE );
4275+ return WOLFSSL_FATAL_ERROR ;
4276+ }
42694277 bindersLen = (word16 )((input [idx ] << 8 ) | input [idx + 1 ]);
4270- if (bindersLen + OPAQUE16_LEN + idx > extLen ) {
4278+ if (( word32 ) bindersLen + OPAQUE16_LEN + idx > ( word32 ) extLen ) {
42714279 SetError (CLIENT_HELLO_INPUT_STR , error , session , FATAL_ERROR_STATE );
42724280 return WOLFSSL_FATAL_ERROR ;
42734281 }
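Review bot: The `idLen` read at new line 4253 (first hunk) is still unguarded, because the check before it only proves `idsLen + OPAQUE16_LEN + idx <= extLen`. After `idx += OPAQUE16_LEN`, an identities length of 0 or 1 therefore lets `input[idx]` / `input[idx + 1]` be read at or beyond `extLen`. This commit adds pre-read guards for the ticket age and the binders length in the second hunk, and the same guard, `if ((word32)idx + OPAQUE16_LEN > (word32)extLen)` with the existing `SetError(...)` / `return WOLFSSL_FATAL_ERROR;` body, belongs before the `idLen` read. It belongs before the `idsLen` read at line 4245 too, unless a check outside the hunk already covers that one. ProcessClientHello begins and ends outside the visible hunks, so the declared types of `idx` and `extLen` cannot be confirmed here; if `extLen` can be negative, the `(word32)` cast would turn it into a very large bound and is worth checking.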