On line 61 of TLSHandshakePacketizer.cs, MemoryStream.Read() is called, but the possible return code of 0, or of less than the number expected, is never captured. This is basically missing exception handling in what appears to be function-critical and/or security-critical code.
According to https://msdn.microsoft.com/en-us/library/system.io.memorystream.read%28v=vs.110%29.aspx the return code from the function call is "The total number of bytes written into the buffer. This can be less than the number of bytes requested if that number of bytes are not currently available, or zero if the end of the stream is reached before any bytes are read."
The recommendation would be to check that the return value is exactly what was expected and, if not, to throw an exception at this time instead of continuing.
This also happens on lines 79 and 111.
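The recommended check, sketched as an added example (not code from TLSHandshakePacketizer.cs or the project): the unchecked read pattern next to a read that throws on a short count. `ReadExact`, the class name and the truncated handshake bytes are assumptions constructed for illustration; the 1-byte type plus 3-byte length header is the standard TLS handshake message layout.

```csharp
using System;
using System.IO;

static class ShortReadDemo
{
    // Hypothetical helper: fills `count` bytes or throws, never returns short.
    static void ReadExact(Stream s, byte[] buffer, int offset, int count)
    {
        int total = 0;
        while (total < count)
        {
            int n = s.Read(buffer, offset + total, count - total);
            if (n <= 0)
                throw new EndOfStreamException(
                    $"Expected {count} bytes, got {total} before end of stream.");
            total += n;
        }
    }

    static void Main()
    {
        // Constructed input: handshake header (type 0x01, length 0x000010 = 16)
        // followed by only 4 of the 16 announced body bytes.
        byte[] truncated = { 0x01, 0x00, 0x00, 0x10, 0xAA, 0xBB, 0xCC, 0xDD };

        // Unchecked pattern from the report: the return value is discarded.
        using (var ms = new MemoryStream(truncated))
        {
            var header = new byte[4];
            ms.Read(header, 0, 4);
            int length = (header[1] << 16) | (header[2] << 8) | header[3];
            var body = new byte[length];
            int got = ms.Read(body, 0, length); // returns 4, not 16
            // The last 12 bytes of body are still zero, yet parsing would continue.
            Console.WriteLine($"unchecked: announced={length}, actually read={got}");
        }

        // Checked pattern: a short read stops processing with an exception.
        using (var ms = new MemoryStream(truncated))
        {
            var header = new byte[4];
            ReadExact(ms, header, 0, 4);
            int length = (header[1] << 16) | (header[2] << 8) | header[3];
            var body = new byte[length];
            try { ReadExact(ms, body, 0, length); }
            catch (EndOfStreamException e) { Console.WriteLine("checked: " + e.Message); }
        }
    }
}
```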