droe / sslsplit

Transparent SSL/TLS interception
https://www.roe.ch/SSLsplit
BSD 2-Clause "Simplified" License

ssl.c: fix integer overflow found by Svace: #327

Closed disaykin closed 1 year ago

disaykin commented 1 year ago
The value of an arithmetic expression p[1] + (p[0] << 8) is subject
to overflow due to a failure to cast operands to a larger data type
before performing arithmetic

sonertari commented 1 year ago

Afaik, @droe prefers macros in such cases, but it's looking good to me.
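
The widening that the pull request description refers to, shown as an added example rather than code from sslsplit or from the patch itself: each byte is cast to a wider unsigned type before the shift, and the resulting 16-bit length is checked against the bytes that remain. The macro name `GET_U16_BE`, the function `count_fields` and the length-prefixed buffer layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical macro (not from sslsplit): widen each byte to uint32_t
 * before shifting, so the arithmetic never happens in a narrow or
 * signed type, then convert the result to size_t for offset math. */
#define GET_U16_BE(p) \
    ((size_t)(((uint32_t)(p)[0] << 8) | (uint32_t)(p)[1]))

/* Walk a buffer of [2-byte big-endian length][payload] fields
 * (assumed layout). Returns the number of complete fields, or -1 if
 * a length prefix is truncated or points past the end of the buffer. */
static int count_fields(const unsigned char *buf, size_t len)
{
    size_t off = 0;
    int n = 0;

    while (off < len) {
        if (len - off < 2)
            return -1;              /* truncated length prefix */
        size_t flen = GET_U16_BE(buf + off);
        off += 2;
        /* Compare against the remaining bytes; writing this as
         * off + flen > len could wrap, the subtraction cannot. */
        if (flen > len - off)
            return -1;
        off += flen;
        n++;
    }
    return n;
}

int main(void)
{
    /* Constructed sample: one 2-byte field followed by an empty one. */
    const unsigned char sample[] = { 0x00, 0x02, 'a', 'b', 0x00, 0x00 };
    return count_fields(sample, sizeof(sample)) == 2 ? 0 : 1;
}
```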