From 85b58aa2795818359c185eb27ea61df625da0245 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Wed, 25 Mar 2026 10:17:46 +0100
Subject: [PATCH] tls-server: Prevent infinite loop if supported versions are too short

If the extension doesn't contain a multiple of two bytes, the previous code would get stuck in an infinite loop as `remaining()` continued to return TRUE while `read_uint16()` failed to parse a value. Initiating several connections with such an extension allows a DoS attack as no threads would eventually be available to handle packets/events.

Fixes: 7fbe2e27ecf6 ("tls-server: TLS 1.3 support for TLS server implementation")
Fixes: CVE-2026-35328
---
 src/libtls/tls_server.c | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c
index 0d2ae1a72403..786e7b64f863 100644
--- a/src/libtls/tls_server.c
+++ b/src/libtls/tls_server.c
@@ -471,15 +471,12 @@ static status_t process_client_hello(private_tls_server_t *this,
 	bio_reader_t *client_versions;
 
 	client_versions = bio_reader_create(versions);
-	while (client_versions->remaining(client_versions))
+	while (client_versions->read_uint16(client_versions, &version))
 	{
-		if (client_versions->read_uint16(client_versions, &version))
+		if (this->tls->set_version(this->tls, version, version))
 		{
-			if (this->tls->set_version(this->tls, version, version))
-			{
-				this->client_version = version;
-				break;
-			}
+			this->client_version = version;
+			break;
 		}
 	}
 	client_versions->destroy(client_versions);
-- 
2.43.0
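Review bot: The new loop condition `while (client_versions->read_uint16(client_versions, &version))` terminates on a short read, but a trailing odd byte in the supported_versions extension is now silently ignored rather than treated as a malformed ClientHello; the old code's `remaining()` check was the only thing that noticed leftover input, and the fix removes it without replacing it. Since the loop also exits via `break` on the first accepted version, `remaining()` after the loop is non-zero in the normal case too, so a strict check would need to distinguish the two exit paths, e.g. a flag set before `break` and then `if (!accepted && client_versions->remaining(client_versions)) { /* malformed extension: reject */ }` — how to reject depends on the alert/error convention of process_client_hello, which is not visible here. A one-line comment on the new `while` stating that a truncated final entry ends the loop and is deliberately tolerated would make that intent explicit for the next reader. The enclosing function process_client_hello, and the declaration of `version`, start and end outside the hunk.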