From c87a4f1b3fc198b27bb0b56f7829d21c93f526e6 Mon Sep 17 00:00:00 2001
From: dmiller
Date: Tue, 8 Apr 2014 20:12:21 +0000
Subject: [PATCH] Fix an off-by-one bug in TLS record parsing
---
 nselib/tls.lua | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/nselib/tls.lua b/nselib/tls.lua
index 8f65223cc..7c666b511 100644
--- a/nselib/tls.lua
+++ b/nselib/tls.lua
@@ -673,6 +673,7 @@ function record_read(buffer, i)
 b["extensions"] = {}
 j, num_exts = bin.unpack(">S", buffer, j)
 for e = 0, num_exts do
+ if j >= msg_end then break end
 local extcode, datalen
 j, extcode = bin.unpack(">S", buffer, j)
 extcode = find_key(EXTENSIONS, extcode) or extcode
@@ -692,7 +693,7 @@ function record_read(buffer, i)
 end
 -- Ignore unparsed bytes.
- j = len
+ j = len+1
 return j, h
 end
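Review bot: The added `if j >= msg_end then break end` checks the position only at the top of each pass, so an extension whose type and length fields, or whose declared `datalen`, run past `msg_end` would still be unpacked from bytes that belong to whatever follows in `buffer`. This data comes from the remote peer, so the length read inside the loop should be compared with `msg_end` before it is used; the rest of the loop body is outside this hunk, so such a check may already exist further down. Separately, `for e = 0, num_exts do` makes `num_exts + 1` passes and trusts a value taken from the wire. With the new guard it is the position that really ends the loop, and `while j < msg_end do` would state that directly.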
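Review bot: The `-- Ignore unparsed bytes.` comment above `j = len+1` does not say what `len` holds, which is how `j = len` and `j = len+1` could look equally plausible. `len` is assigned outside this hunk; if it is the 1-based index of the record's last byte, a comment such as `-- len is the index of the last byte of this record; return the index of the first byte after it` would document the convention. A regression test that parses two records placed back to back in one buffer would pin the returned index.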