Skip to content

TLS: Better handling of parsing TLS extensions#9934

Merged
douzzer merged 1 commit intowolfSSL:masterfrom
SparkiDev:tls_length_fixes_1
Mar 11, 2026
Merged

TLS: Better handling of parsing TLS extensions#9934
douzzer merged 1 commit intowolfSSL:masterfrom
SparkiDev:tls_length_fixes_1

Conversation

@SparkiDev
Copy link
Contributor

@SparkiDev SparkiDev commented Mar 9, 2026

Description

TLSX_CSR2_Parse: check didn't include length bytes

TLSX_UseSRTP_Parse: validate profile_len

TLSX_CA_Names_Parse: fix for integer overflow

TLSX_SignatureAlgorithms_Parse: set new length before checking

TLSX_ECH_Parse: better parsing

Testing

TLS regression testing

@SparkiDev SparkiDev self-assigned this Mar 9, 2026
@SparkiDev SparkiDev added the For This Release Release version 5.9.0 label Mar 9, 2026
@SparkiDev SparkiDev force-pushed the tls_length_fixes_1 branch from 72fa8ba to d77391f Compare March 9, 2026 23:29
@SparkiDev SparkiDev assigned wolfSSL-Bot and unassigned SparkiDev Mar 10, 2026
@SparkiDev SparkiDev requested a review from wolfSSL-Bot March 10, 2026 01:34
douzzer
douzzer requested changes Mar 10, 2026
View reviewed changes
@douzzer douzzer added the Conflicts Conflicts with master or staged PRs label Mar 10, 2026
@SparkiDev
TLS: Better handling of parsing TLS extensions
0683dab 
TLSX_CSR2_Parse: check didn't include length bytes

TLSX_UseSRTP_Parse: validate profile_len

TLSX_CA_Names_Parse: fix for integer overflow

TLSX_SignatureAlgorithms_Parse: set new length before checking

TLSX_ECH_Parse: better parsing
@SparkiDev SparkiDev force-pushed the tls_length_fixes_1 branch from e8a9f66 to 0683dab Compare March 10, 2026 21:42
@SparkiDev
Copy link
Contributor Author

SparkiDev commented Mar 11, 2026
edited
Loading

retest this please

Google testing failed due to GREASE.
and again

@douzzer douzzer added Staged Staged for merge pending final test results and review and removed Conflicts Conflicts with master or staged PRs labels Mar 11, 2026
@SparkiDev SparkiDev removed their assignment Mar 11, 2026
douzzer
douzzer approved these changes Mar 11, 2026
View reviewed changes
Copy link
Contributor

@douzzer douzzer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Biffer FTW!

@douzzer douzzer merged commit fc7c19b into wolfSSL:master Mar 11, 2026
452 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@douzzer douzzer douzzer approved these changes

@wolfSSL-Bot wolfSSL-Bot Awaiting requested review from wolfSSL-Bot

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

For This Release Release version 5.9.0 Staged Staged for merge pending final test results and review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@SparkiDev @douzzer @wolfSSL-Bot