From 5a3629b6132c7dd4a517ebb6e572bb6dbaeb9888 Mon Sep 17 00:00:00 2001 From: Jan Bruckner Date: Thu, 23 Feb 2023 12:08:09 +0100 Subject: [PATCH] Fix debug print of encrypted extensions Perform debug print of encrypted extensions buffer only after the buffer length was checked successfully Signed-off-by: Jan Bruckner --- library/ssl_tls13_client.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index a72f770b3..8697c5386 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2117,10 +2117,11 @@ static int ssl_tls13_parse_encrypted_extensions(mbedtls_ssl_context *ssl, extensions_len = MBEDTLS_GET_UINT16_BE(p, 0); p += 2; - MBEDTLS_SSL_DEBUG_BUF(3, "encrypted extensions", p, extensions_len); MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, extensions_len); extensions_end = p + extensions_len; + MBEDTLS_SSL_DEBUG_BUF(3, "encrypted extensions", p, extensions_len); + handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; while (p < extensions_end) {