Skip to content

TLS: Better handling of parsing TLS extensions#9934

Open
SparkiDev wants to merge 1 commit intowolfSSL:masterfrom
SparkiDev:tls_length_fixes_1
Open

TLS: Better handling of parsing TLS extensions#9934
SparkiDev wants to merge 1 commit intowolfSSL:masterfrom
SparkiDev:tls_length_fixes_1

Conversation

@SparkiDev
Copy link
Contributor

@SparkiDev SparkiDev commented Mar 9, 2026

Description

TLSX_CSR2_Parse: check didn't include length bytes

TLSX_UseSRTP_Parse: validate profile_len

TLSX_CA_Names_Parse: fix for integer overflow

TLSX_SignatureAlgorithms_Parse: set new length before checking

TLSX_ECH_Parse: better parsing

Testing

TLS regression testing

@SparkiDev SparkiDev self-assigned this Mar 9, 2026
@SparkiDev SparkiDev added the For This Release Release version 5.9.0 label Mar 9, 2026
@SparkiDev
TLS: Better handling of parsing TLS extensions
d77391f 
TLSX_CSR2_Parse: check didn't include length bytes

TLSX_UseSRTP_Parse: validate profile_len

TLSX_CA_Names_Parse: fix for integer overflow

TLSX_SignatureAlgorithms_Parse: set new length before checking

TLSX_ECH_Parse: better parsing
@SparkiDev SparkiDev force-pushed the tls_length_fixes_1 branch from 72fa8ba to d77391f Compare March 9, 2026 23:29
@SparkiDev
Copy link
Contributor Author

SparkiDev commented Mar 10, 2026

retest this please

@SparkiDev SparkiDev assigned wolfSSL-Bot and unassigned SparkiDev Mar 10, 2026
@SparkiDev SparkiDev requested a review from wolfSSL-Bot March 10, 2026 01:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wolfSSL-Bot wolfSSL-Bot Awaiting requested review from wolfSSL-Bot

At least 1 approving review is required to merge this pull request.

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

For This Release Release version 5.9.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@SparkiDev @wolfSSL-Bot