TLS: fix heap-buffer-overflow error (#1408)

Detected by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43664
author: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> 2022-01-15 18:47:59 +0100
committer: GitHub <noreply@github.com> 2022-01-15 18:47:59 +0100
commit: eb5d7b07afae0d1dd8f5b079835d8f1ec66dc160 (patch)
tree: cd71445adf359722a11b7073d5a570ae373bdd60 /src/lib/protocols
parent: 63c44a24b63e9f015ae0f114dcfd821f245c2070 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index b83505cd5..cdaed66b2 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -2099,7 +2099,8 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 		  if(flow->protos.tls_quic.tls_supported_versions == NULL)
 		    flow->protos.tls_quic.tls_supported_versions = ndpi_strdup(version_str);
 		}
-	      } else if(extension_id == 65486 /* encrypted server name */) {
+	      } else if(extension_id == 65486 /* encrypted server name */ &&
+	                offset+extension_offset+1 < total_len) {
 		/*
 		   - https://tools.ietf.org/html/draft-ietf-tls-esni-06
 		   - https://blog.cloudflare.com/encrypted-sni/
author	Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>	2022-01-15 18:47:59 +0100
committer	GitHub <noreply@github.com>	2022-01-15 18:47:59 +0100
commit	eb5d7b07afae0d1dd8f5b079835d8f1ec66dc160 (patch)
tree	cd71445adf359722a11b7073d5a570ae373bdd60 /src/lib/protocols
parent	63c44a24b63e9f015ae0f114dcfd821f245c2070 (diff)