Loading src/ssl.cpp +36 −12 Original line number Diff line number Diff line Loading @@ -324,8 +324,14 @@ namespace netplus { // Hilfsfunktion zum Parsen von SNI (server_name) Extension aus ClientHello static bool extractSNIFromClientHello(const std::vector<uint8_t>& ch, std::string& out_hostname) { if (ch.size() < 43) return false; // Minimum size for ClientHello (without type byte) if (ch[0] != 0x01) return false; // Type must be ClientHello // ✅ CRITICAL: ch includes handshake type (1 byte) + length (3 bytes) + actual ClientHello payload // So the actual ClientHello data starts at offset 4! if (ch.size() < 4 + 43) { // 4 byte header + 43 minimum ClientHello return false; } if (ch[0] != 0x01) { return false; // Type must be ClientHello } auto readU16 = [&](size_t& p) -> uint16_t { if (p + 2 > ch.size()) return 0; Loading @@ -338,36 +344,52 @@ static bool extractSNIFromClientHello(const std::vector<uint8_t>& ch, std::strin return ch[p++]; }; size_t p = 1; // Skip type (0x01) size_t p = 4; // Skip type (1 byte) + length (3 bytes) // legacy_version (2 bytes) (void)readU16(p); // random (32 bytes) if (p + 32 > ch.size()) return false; if (p + 32 > ch.size()) { return false; } p += 32; // session_id uint8_t sidLen = readU8(p); if (p + sidLen > ch.size()) return false; if (p + sidLen > ch.size()) { return false; } p += sidLen; // cipher_suites uint16_t csLen = readU16(p); if (csLen < 2 || (csLen % 2) != 0) return false; if (p + csLen > ch.size()) return false; if (csLen < 2 || (csLen % 2) != 0) { return false; } if (p + csLen > ch.size()) { return false; } p += csLen; // compression_methods uint8_t compLen = readU8(p); if (compLen < 1) return false; if (p + compLen > ch.size()) return false; if (compLen < 1) { return false; } if (p + compLen > ch.size()) { return false; } p += compLen; // extensions if (p + 2 > ch.size()) return false; if (p + 2 > ch.size()) { return false; } uint16_t extLen = readU16(p); if (p + extLen > ch.size()) return false; if (p + extLen > ch.size()) { return false; } size_t eend = p + extLen; Loading @@ -376,7 +398,9 @@ static bool extractSNIFromClientHello(const std::vector<uint8_t>& ch, std::strin uint16_t el = (uint16_t(ch[p+2]) << 8) | ch[p+3]; p += 4; if (p + el > eend) return false; if (p + el > eend) { return false; } // server_name extension (type 0x0000) if (et == 0x0000) { Loading Loading
src/ssl.cpp +36 −12 Original line number Diff line number Diff line Loading @@ -324,8 +324,14 @@ namespace netplus { // Hilfsfunktion zum Parsen von SNI (server_name) Extension aus ClientHello static bool extractSNIFromClientHello(const std::vector<uint8_t>& ch, std::string& out_hostname) { if (ch.size() < 43) return false; // Minimum size for ClientHello (without type byte) if (ch[0] != 0x01) return false; // Type must be ClientHello // ✅ CRITICAL: ch includes handshake type (1 byte) + length (3 bytes) + actual ClientHello payload // So the actual ClientHello data starts at offset 4! if (ch.size() < 4 + 43) { // 4 byte header + 43 minimum ClientHello return false; } if (ch[0] != 0x01) { return false; // Type must be ClientHello } auto readU16 = [&](size_t& p) -> uint16_t { if (p + 2 > ch.size()) return 0; Loading @@ -338,36 +344,52 @@ static bool extractSNIFromClientHello(const std::vector<uint8_t>& ch, std::strin return ch[p++]; }; size_t p = 1; // Skip type (0x01) size_t p = 4; // Skip type (1 byte) + length (3 bytes) // legacy_version (2 bytes) (void)readU16(p); // random (32 bytes) if (p + 32 > ch.size()) return false; if (p + 32 > ch.size()) { return false; } p += 32; // session_id uint8_t sidLen = readU8(p); if (p + sidLen > ch.size()) return false; if (p + sidLen > ch.size()) { return false; } p += sidLen; // cipher_suites uint16_t csLen = readU16(p); if (csLen < 2 || (csLen % 2) != 0) return false; if (p + csLen > ch.size()) return false; if (csLen < 2 || (csLen % 2) != 0) { return false; } if (p + csLen > ch.size()) { return false; } p += csLen; // compression_methods uint8_t compLen = readU8(p); if (compLen < 1) return false; if (p + compLen > ch.size()) return false; if (compLen < 1) { return false; } if (p + compLen > ch.size()) { return false; } p += compLen; // extensions if (p + 2 > ch.size()) return false; if (p + 2 > ch.size()) { return false; } uint16_t extLen = readU16(p); if (p + extLen > ch.size()) return false; if (p + extLen > ch.size()) { return false; } size_t eend = p + extLen; Loading @@ -376,7 +398,9 @@ static bool extractSNIFromClientHello(const std::vector<uint8_t>& ch, std::strin uint16_t el = (uint16_t(ch[p+2]) << 8) | ch[p+3]; p += 4; if (p + el > eend) return false; if (p + el > eend) { return false; } // server_name extension (type 0x0000) if (et == 0x0000) { Loading