From 7a14903448b70069fd9e02adf210ca23083c56d2 Mon Sep 17 00:00:00 2001
From: Sam Lancia <sam.lancia@motorolasolutions.com>
Date: Wed, 9 Nov 2022 11:17:24 -0800
Subject: [PATCH] Fix OOB read in server hello

This fixes an out of bounds read when we're unmarshalling the Server
Hello. This could cause us to panic.
---
 pkg/protocol/handshake/message_server_hello.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/pkg/protocol/handshake/message_server_hello.go b/pkg/protocol/handshake/message_server_hello.go
index 9c1cc2218..b4157e25d 100644
--- a/pkg/protocol/handshake/message_server_hello.go
+++ b/pkg/protocol/handshake/message_server_hello.go
@@ -88,11 +88,14 @@ func (m *MessageServerHello) Unmarshal(data []byte) error {
 	m.SessionID = append([]byte{}, data[currOffset:currOffset+n]...)
 	currOffset += len(m.SessionID)
 
+	if len(data) < currOffset+2 {
+		return errBufferTooSmall
+	}
 	m.CipherSuiteID = new(uint16)
 	*m.CipherSuiteID = binary.BigEndian.Uint16(data[currOffset:])
 	currOffset += 2
 
-	if len(data) < currOffset {
+	if len(data) <= currOffset {
 		return errBufferTooSmall
 	}
 	if compressionMethod, ok := protocol.CompressionMethods()[protocol.CompressionMethodID(data[currOffset])]; ok {