From: Philippe Antoine <pantoine@oisf.net>
Date: Fri, 11 Nov 2022 10:52:27 +0000 (+0100)
Subject: tls: fix off by one in supported versions extension
X-Git-Tag: suricata-6.0.10~30
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F8374%2Fhead;p=thirdparty%2Fsuricata.git

tls: fix off by one in supported versions extension

Ticket: #5663
(cherry picked from commit b5147189aecd1d49520e6dc9b40b1baca5a4f503)
---

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index 306adba714..2bb69e89f6 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -1006,7 +1006,7 @@ static inline int TLSDecodeHSHelloExtensionSupportedVersions(SSLState *ssl_state
         /* Use the first (and prefered) valid version as client version,
          * skip over GREASE and other possible noise. */
         uint16_t i = 0;
-        while (i < (uint16_t)supported_ver_len) {
+        while (i + 1 < (uint16_t)supported_ver_len) {
             uint16_t ver = (uint16_t)(input[i] << 8) | input[i + 1];
             if (TLSVersionValid(ver)) {
                 ssl_state->curr_connp->version = ver;