From 40c824ea24cc1f433e5e939a1ee844de17f9875b Mon Sep 17 00:00:00 2001
From: Arjun Bhat
Date: Thu, 3 Oct 2024 16:25:32 +0200
Subject: [PATCH 1/2] Fix corruption of certain packets with invalid TLS extension fields
---
 scapy/layers/tls/extensions.py | 2 ++
 test/scapy/layers/tls/tls.uts | 5 +++++
 2 files changed, 7 insertions(+)
diff --git a/scapy/layers/tls/extensions.py b/scapy/layers/tls/extensions.py
index 87ffe67219c..50f0daef0e3 100644
--- a/scapy/layers/tls/extensions.py
+++ b/scapy/layers/tls/extensions.py
@@ -843,4 +843,6 @@ def m2i(self, pkt, m):
 cls = _tls_ext_early_data_cls.get(pkt.msgtype, TLS_Ext_Unknown)
 res.append(cls(m[:tmp_len + 4], tls_session=pkt.tls_session))
 m = m[tmp_len + 4:]
+ if len(m):
+ res.append(Raw(m))
 return res
diff --git a/test/scapy/layers/tls/tls.uts b/test/scapy/layers/tls/tls.uts
index 95a7c34a348..a240a4f05f9 100644
--- a/test/scapy/layers/tls/tls.uts
+++ b/test/scapy/layers/tls/tls.uts
@@ -1561,6 +1561,11 @@ data = '1603031616020000660303602161b58e22f4966f18f9aa6afd5759f343935ed437cf09c5
 pkt = TLS(bytes.fromhex(data))
 assert [type(x) for x in pkt.msg] == [TLSServerHello, TLSCertificate, TLSCertificateStatus, TLSServerKeyExchange, TLSServerHelloDone]
 
+= Issue 3853
+data = hex_bytes("16030300360200002e030342615f0b32366c85b5de265ec99fd68c59079d9783dc2f547592fe12f4ab3fde00c02c000015ff01000100000e000000")
+tls_packet = TLS(data)
+assert raw(tls_packet) == data
+
 ###############################################################################
 ############################ Automaton behaviour ##############################
 ###############################################################################
From 6cc0246d5bae7f88a91a0648b32f875f30bacfba Mon Sep 17 00:00:00 2001
From: gpotter2 <10530980+gpotter2@users.noreply.github.com>
Date: Sun, 6 Oct 2024 22:26:41 +0200
Subject: [PATCH 2/2] Use idioms
---
 scapy/layers/tls/extensions.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
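Review bot: The "Issue 3853" test in tls.uts only asserts `raw(tls_packet) == data`, so it would still pass if the leftover bytes were attached somewhere other than the end of the extension list. Consider also asserting the type of the last parsed element, and adding a second vector where more than one byte trails the final complete extension. A short comment naming which bytes of `data` are the malformed remainder would make the vector readable, for example `# the extensions block ends with bytes that do not form a complete extension`.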
diff --git a/scapy/layers/tls/extensions.py b/scapy/layers/tls/extensions.py
index 50f0daef0e3..42dfa6f6048 100644
--- a/scapy/layers/tls/extensions.py
+++ b/scapy/layers/tls/extensions.py
@@ -843,6 +843,6 @@ def m2i(self, pkt, m):
 cls = _tls_ext_early_data_cls.get(pkt.msgtype, TLS_Ext_Unknown)
 res.append(cls(m[:tmp_len + 4], tls_session=pkt.tls_session))
 m = m[tmp_len + 4:]
- if len(m):
- res.append(Raw(m))
+ if m:
+ res.append(conf.raw_layer(m))
 return res
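Review bot: After `res.append(conf.raw_layer(m))` the list returned by m2i can end with an element that is not a TLS extension, so a caller that iterates the result and reads extension fields from every element may now fail on malformed input. Keeping the bytes is the right choice for lossless re-serialisation, but it should be documented where it happens, for example `# Trailing bytes that do not form a complete extension are kept as a raw layer so the packet re-serialises unchanged; not every element is a TLS extension.` above `if m:`. The same applies to the `Raw(m)` form in PATCH 1/2. The loop that consumes `m` starts outside the hunk, so whether a declared `tmp_len` larger than the remaining buffer is handled before `m[:tmp_len + 4]` is sliced cannot be confirmed from here.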