Skip to content

Commit

Permalink
Merge pull request #25 from duckduckgo/nastia/fix_tls_parsing_loop
Browse files Browse the repository at this point in the history
Add safeguards to TLS extension parsing
  • Loading branch information
nshuba authored Sep 6, 2023
2 parents b2b3f81 + 80dc378 commit c3a901b
Showing 1 changed file with 7 additions and 3 deletions.
10 changes: 7 additions & 3 deletions src/netguard/tls.c
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ void get_server_name(
// Extract host from ClientHello SNI extension header

// this skips the TLS header, time and Client Random - and starts with the session ID length
uint8_t index = 43;
uint32_t index = 43;
uint8_t session_id_len = tls[index++];
index += session_id_len;

Expand All @@ -86,10 +86,10 @@ void get_server_name(
// Extension headers found
log_print(PLATFORM_LOG_PRIORITY_DEBUG, "TLS ClientHello extensions found");

uint16_t searched = 0;
uint32_t searched = 0;
uint8_t found = 0;

while (searched < extensions_len && index < length) {
while (searched < extensions_len && index + 2 < length) {
uint16_t extension_type = (tls[index] << 8 & 0xFF00) + (tls[index + 1] & 0x00FF);
index += 2;

Expand All @@ -101,6 +101,10 @@ void get_server_name(
} else {
log_print(PLATFORM_LOG_PRIORITY_DEBUG, "TLS extension type %d", extension_type);

if (index + 1 >= length) {
break;
}

uint16_t extension_len = (tls[index] << 8 & 0xFF00) + (tls[index + 1] & 0x00FF);
index += 2;
// skip to the next extension, if there is one
Expand Down

0 comments on commit c3a901b

Please sign in to comment.