If initiator side will send empty list with supported cipher suites then responder side will not check this corner case. This result in out of bound memory access on stack by suites_i[-1]. At the end access will be following: suites_i[255] because of uint8_t overflow.
Proposal solution is to return new error value: suites_i_list_empty.
If initiator side will send empty list with supported cipher suites then responder side will not check this corner case. This result in out of bound memory access on stack by
suites_i[-1]. At the end access will be following:suites_i[255]because ofuint8_toverflow.Proposal solution is to return new error value:
suites_i_list_empty.