TLS 1.3 duplicate KeyShare entry fix

SparkiDev · SparkiDev · commit 1ec18949bc13 · 2025-11-13T08:23:19.000+10:00
Fix comparison to be greater than or equal in case count is incremented
after maxing out.
diff --git a/src/tls.c b/src/tls.c
@@ -9830,7 +9830,7 @@ static int TLSX_KeyShareEntry_Parse(const WOLFSSL* ssl, const byte* input,
         return BUFFER_ERROR;
 
     if (seenGroups != NULL) {
-        if (*seenGroupsCnt == MAX_KEYSHARE_NAMED_GROUPS) {
+        if (*seenGroupsCnt >= MAX_KEYSHARE_NAMED_GROUPS) {
             return BAD_KEY_SHARE_DATA;
         }
         for (i = 0; i < *seenGroupsCnt; i++) {

Original file line number	Diff line number	Diff line change
`@@ -9830,7 +9830,7 @@ static int TLSX_KeyShareEntry_Parse(const WOLFSSL* ssl, const byte* input,`
`9830`	`9830`	`return BUFFER_ERROR;`
`9831`	`9831`
`9832`	`9832`	`if (seenGroups != NULL) {`
`9833`		`- if (*seenGroupsCnt == MAX_KEYSHARE_NAMED_GROUPS) {`
	`9833`	`+ if (*seenGroupsCnt >= MAX_KEYSHARE_NAMED_GROUPS) {`
`9834`	`9834`	`return BAD_KEY_SHARE_DATA;`
`9835`	`9835`	`}`
`9836`	`9836`	`for (i = 0; i < *seenGroupsCnt; i++) {`