Fix OOB read in server hello

Sam Lancia · daenney · commit 7a14903448b7 · 2023-02-05T15:47:16.000+01:00
This fixes an out of bounds read when we're unmarshalling the Server
Hello. This could cause us to panic.
diff --git a/pkg/protocol/handshake/message_server_hello.go b/pkg/protocol/handshake/message_server_hello.go
@@ -88,11 +88,14 @@ func (m *MessageServerHello) Unmarshal(data []byte) error {
 	m.SessionID = append([]byte{}, data[currOffset:currOffset+n]...)
 	currOffset += len(m.SessionID)
 
+	if len(data) < currOffset+2 {
+		return errBufferTooSmall
+	}
 	m.CipherSuiteID = new(uint16)
 	*m.CipherSuiteID = binary.BigEndian.Uint16(data[currOffset:])
 	currOffset += 2
 
-	if len(data) < currOffset {
+	if len(data) <= currOffset {
 		return errBufferTooSmall
 	}
 	if compressionMethod, ok := protocol.CompressionMethods()[protocol.CompressionMethodID(data[currOffset])]; ok {
