Fix OOB read in server hello

This fixes an out of bounds read when we're unmarshalling the Server Hello. This could cause us to panic.
pion · Feb 5, 2023 · 7a14903 · 7a14903
1 parent 8b8bc87
commit 7a14903
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/pkg/protocol/handshake/message_server_hello.go b/pkg/protocol/handshake/message_server_hello.go
@@ -88,11 +88,14 @@ func (m *MessageServerHello) Unmarshal(data []byte) error {
 	m.SessionID = append([]byte{}, data[currOffset:currOffset+n]...)
 	currOffset += len(m.SessionID)
 
+	if len(data) < currOffset+2 {
+		return errBufferTooSmall
+	}
 	m.CipherSuiteID = new(uint16)
 	*m.CipherSuiteID = binary.BigEndian.Uint16(data[currOffset:])
 	currOffset += 2
 
-	if len(data) < currOffset {
+	if len(data) <= currOffset {
 		return errBufferTooSmall
 	}
 	if compressionMethod, ok := protocol.CompressionMethods()[protocol.CompressionMethodID(data[currOffset])]; ok {