tls: fix off by one in supported versions extension

Ticket: #5663 (cherry picked from commit b5147189ae)
3 years ago · 462366d447
parent b24ae521a2
commit 462366d447
1 changed files with 1 additions and 1 deletions
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@ -1006,7 +1006,7 @@ static inline int TLSDecodeHSHelloExtensionSupportedVersions(SSLState *ssl_state
        /* Use the first (and prefered) valid version as client version,
         * skip over GREASE and other possible noise. */
        uint16_t i = 0;
-        while (i < (uint16_t)supported_ver_len) {
+        while (i + 1 < (uint16_t)supported_ver_len) {
            uint16_t ver = (uint16_t)(input[i] << 8) | input[i + 1];
            if (TLSVersionValid(ver)) {
                ssl_state->curr_connp->version = ver;