Add a length check for certificate parsing. Fixes #1399

2026-01-01 12:29:03 +00:00 · 2018-12-02 05:48:27 +00:00
parent b1efd74249
commit 1ba0119372
1 changed files with 7 additions and 1 deletions
--- a/nselib/tls.lua
+++ b/nselib/tls.lua
@@ -1212,7 +1212,13 @@ handshake_parse = {
        end
        local b = {certificates = {}}
        while j < cert_end do
-          local cert_len, cert
+          local cert_len = unpack(">I3", buffer, j)
+          if cert_len + 3 + j > cert_end then
+            stdnse.debug1("server_certificate parsing error!")
+            j = cert_end
+            break
+          end
+          local cert
          cert, j = unpack(">s3", buffer, j)
          -- parse these with sslcert.parse_ssl_certificate
          table.insert(b["certificates"], cert)