From a9c811d832b95cec267b93013440de9bc71c0a2f Mon Sep 17 00:00:00 2001 From: Rahul Jain Date: Tue, 14 Apr 2026 18:53:24 +0530 Subject: [PATCH] Fix CVE-2026-35332: libtls supported_versions extension --- src/libtls/tls_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c index aeb5a71..110b91a 100644 --- a/src/libtls/tls_server.c +++ b/src/libtls/tls_server.c @@ -476,7 +476,7 @@ static status_t process_key_exchange_dhe(private_tls_server_t *this, ec = diffie_hellman_group_is_ec(this->dh->get_dh_group(this->dh)); if ((ec && !reader->read_data8(reader, &pub)) || - (!ec && (!reader->read_data16(reader, &pub) || pub.len == 0))) + (!ec && !reader->read_data16(reader, &pub)) || pub.len == 0) { DBG1(DBG_TLS, "received invalid Client Key Exchange"); this->alert->add(this->alert, TLS_FATAL, TLS_DECODE_ERROR); -- 2.50.0