Fix drwetter#2502 in 3.0 branch

This commit fixes drwetter#2502 in the 3.0 branch by checking that the key_share extension is at least 4 bytes long (8 in ASCII-HEX). These 4 bytes encode the group value (2 bytes) and the length of the key (2 bytes).
dcooper16 · Jun 13, 2024 · acdbdcf · acdbdcf
1 parent 212bdbb
commit acdbdcf
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/testssl.sh b/testssl.sh
@@ -12367,7 +12367,7 @@ parse_tls_serverhello() {
                                tls_extensions+=" (id=51), len=$extension_len\n"
                           fi
                           if [[ "$process_full" =~ all ]] || [[ "$process_full" == ephemeralkey ]]; then
-                               if [[ $extension_len -lt 4  ]]; then
+                               if [[ $extension_len -lt 8  ]]; then
                                     debugme tmln_warning "Malformed key share extension."
                                     [[ $DEBUG -ge 1 ]] && tmpfile_handle ${FUNCNAME[0]}.txt
                                     return 1