Merge pull request #6924 from JacobBarthelmeh/srtp

dgarske · web-flow · commit 2c91ecb46610 · 2023-10-28T16:13:06.000-07:00
sanity check on length before ato16 with SRTP
diff --git a/src/tls.c b/src/tls.c
@@ -5820,6 +5820,12 @@ static int TLSX_UseSRTP_Parse(WOLFSSL* ssl, const byte* input, word16 length,
         /* parse remainder one profile at a time, looking for match in CTX */
         ret = 0;
         for (i=offset; i<length; i+=OPAQUE16_LEN) {
+            if (length < (i + OPAQUE16_LEN)) {
+                WOLFSSL_MSG("Unexpected length when parsing SRTP profile");
+                ret = BUFFER_ERROR;
+                break;
+            }
+
             ato16(input+i, &profile_value);
             /* find first match */
             if (profile_value < 16 &&
