tlsx

Add length checks

Open coreyralph opened this issue 2 years ago • 0 comments

Hi.

This PR adds length checks to fix these panics we've seen on malformed input:

panic: runtime error: index out of range [10] with length 10
goroutine 26 [running]:
github.com/dreadl0ck/tlsx.(*ClientHello).Unmarshal(0xc00b1437a0, {0xc00a4e0576?, 0x40bd92?, 0xc0003001e0?})
#011/go/pkg/mod/github.com/coreyralph/[email protected]/clientHello.go:108 +0x102d
github.com/dreadl0ck/tlsx.GetClientHello({0xaa0378?, 0xc00b2d1b80?})
#011/go/pkg/mod/github.com/coreyralph/[email protected]/utils.go:45 +0x6d
panic: runtime error: slice bounds out of range [6912:1]
goroutine 12 [running]:
github.com/dreadl0ck/tlsx.(*ClientHello).Unmarshal(0xc0019758c0, {0xc001b6c936?, 0x40bd92?, 0xc0000439e0?})
#011/go/pkg/mod/github.com/coreyralph/[email protected]/clientHello.go:190 +0xfd8
github.com/dreadl0ck/tlsx.GetClientHello({0xaa0378?, 0xc002d16b00?})
#011/go/pkg/mod/github.com/coreyralph/[email protected]/utils.go:45 +0x6d
panic: runtime error: slice bounds out of range [104:7]
goroutine 54 [running]:
github.com/dreadl0ck/tlsx.(*ClientHello).Unmarshal(0xc0007597a0, {0xc0008722c2?, 0x40bd92?, 0xc0003224e0?})
#011/go/pkg/mod/github.com/dreadl0ck/[email protected]/clientHello.go:274 +0xde5
github.com/dreadl0ck/tlsx.GetClientHello({0xaa0218?, 0xc000353600?})
#011/go/pkg/mod/github.com/dreadl0ck/[email protected]/utils.go:45 +0x6d

coreyralph, Feb 15 '24 03:02
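
The kind of length check the PR title refers to, as an added Go example that is not the tlsx code or the code from this PR: every declared length is compared against the bytes actually left, so malformed input yields an error rather than the index and slice-bounds panics in the traces above. The names `reader`, `take`, `vec` and `ParseExtTypes` are hypothetical, and the input is assumed to be a ClientHello body (after the handshake header) that carries an extensions block.

```go
package main

import "fmt"

type reader struct {
	b   []byte // unread, untrusted bytes
	err error  // first bounds failure; sticky once set
}

// take returns the next n bytes, or records an error instead of slicing out of range.
func (r *reader) take(n int) (out []byte) {
	if r.err == nil && n > len(r.b) {
		r.err = fmt.Errorf("clienthello: need %d bytes, %d left", n, len(r.b))
	}
	if r.err != nil {
		return nil
	}
	out, r.b = r.b[:n], r.b[n:]
	return out
}

// vec reads a vector that follows a big-endian length prefix of the given width.
func (r *reader) vec(prefix int) []byte {
	n := 0
	for _, c := range r.take(prefix) {
		n = n<<8 | int(c)
	}
	return r.take(n)
}

// ParseExtTypes (hypothetical name) returns the extension types in a ClientHello body.
func ParseExtTypes(body []byte) (types []uint16, err error) {
	r := &reader{b: body}
	r.take(2 + 32) // legacy_version + random
	r.vec(1)       // session_id
	r.vec(2)       // cipher_suites
	r.vec(1)       // compression_methods
	r.b = r.vec(2) // extensions block: later reads stop at its declared end
	for r.err == nil && len(r.b) > 0 {
		t := r.take(2) // extension type
		if r.vec(2); r.err == nil {
			types = append(types, uint16(t[0])<<8|uint16(t[1]))
		}
	}
	return types, r.err
}

func main() {
	fmt.Println(ParseExtTypes(make([]byte, 10))) // constructed input: 10 zero bytes
}
```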