From 8682cecb8f68dd3af203e48e2ef77252615dad6d Mon Sep 17 00:00:00 2001
From: Zhi Guan
Date: Wed, 17 Jun 2026 00:30:16 +0800
Subject: [PATCH] Check before memcpy
---
 CMakeLists.txt | 2 +-
 include/gmssl/version.h | 2 +-
 src/tls.c | 2 +-
 src/tls12.c | 15 +++++++++++----
 4 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index be6b8e30..3ca0e390 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -818,7 +818,7 @@ endif()
 #
 set(CPACK_PACKAGE_NAME "GmSSL")
 set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
-set(CPACK_PACKAGE_VERSION "3.2.0-dev.1068")
+set(CPACK_PACKAGE_VERSION "3.2.0-dev.1069")
 set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
 set(CPACK_NSIS_MODIFY_PATH ON)
 include(CPack)
diff --git a/include/gmssl/version.h b/include/gmssl/version.h
index 8b2253de..6787f9df 100644
--- a/include/gmssl/version.h
+++ b/include/gmssl/version.h
@@ -18,7 +18,7 @@ extern "C" {
 #define GMSSL_VERSION_NUM 30200
-#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1068"
+#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1069"
 int gmssl_version_num(void);
 const char *gmssl_version_str(void);
diff --git a/src/tls.c b/src/tls.c
index f247a875..f5b209f4 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -1739,7 +1739,7 @@ int tls_record_get_handshake_certificate(const uint8_t *record, uint8_t *certs,
 error_print();
 return -1;
 }
- if (datalen > TLS_MAX_CERTIFICATES_SIZE) {
+ if (len > TLS_MAX_CERTIFICATES_SIZE) {
 error_print();
 return -1;
 }
diff --git a/src/tls12.c b/src/tls12.c
index e68f2612..67b9df2a 100644
--- a/src/tls12.c
+++ b/src/tls12.c
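Review bot: The corrected bound `len > TLS_MAX_CERTIFICATES_SIZE` in the src/tls.c hunk protects the later copy only if every caller's `certs` buffer really holds TLS_MAX_CERTIFICATES_SIZE bytes, and nothing visible here states that contract. The signature in the hunk header is cut off after `uint8_t *certs,` so whether a capacity is passed cannot be seen; if it is not, a comment on the check such as `// len bytes are copied into certs; callers must provide TLS_MAX_CERTIFICATES_SIZE bytes` would make the assumption explicit. Because the old code compared `datalen` instead, presumably leaving the copied length unchecked, a regression test feeding a Certificate handshake with an oversized certificate list would keep the check from drifting again. The function body starts and ends outside the hunk.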
@@ -2141,9 +2141,13 @@ int tls_recv_client_hello(TLS_CONNECT *conn)
 tls_send_alert(conn, TLS_alert_handshake_failure);
 return -1;
 }
+ // TODO: unify secure memcpy
+ common_supported_groups_cnt = sizeof(common_supported_groups)/sizeof(common_supported_groups[0]);
+ if (conn->ctx->supported_groups_cnt < common_supported_groups_cnt) {
+ common_supported_groups_cnt = conn->ctx->supported_groups_cnt;
+ }
 memcpy(common_supported_groups, conn->ctx->supported_groups,
- conn->ctx->supported_groups_cnt * sizeof(conn->ctx->supported_groups[0]));
- common_supported_groups_cnt = conn->ctx->supported_groups_cnt;
+ common_supported_groups_cnt * sizeof(conn->ctx->supported_groups[0]));
 }
 if (signature_algorithms) {
@@ -2165,9 +2169,12 @@ int tls_recv_client_hello(TLS_CONNECT *conn)
 tls_send_alert(conn, TLS_alert_handshake_failure);
 return -1;
 }
+ // TODO: unify secure memcpy
+ common_signature_algorithms_cnt = sizeof(common_signature_algorithms)/sizeof(common_signature_algorithms[0]);
+ if (conn->ctx->signature_algorithms_cnt < common_signature_algorithms_cnt)
+ common_signature_algorithms_cnt = conn->ctx->signature_algorithms_cnt;
 memcpy(common_signature_algorithms, conn->ctx->signature_algorithms,
- conn->ctx->signature_algorithms_cnt * sizeof(conn->ctx->signature_algorithms[0]));
- common_signature_algorithms_cnt = conn->ctx->signature_algorithms_cnt;
+ common_signature_algorithms_cnt * sizeof(conn->ctx->signature_algorithms[0]));
 }
 if (signature_algorithms_cert) {
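Review bot: Clamping `common_supported_groups_cnt` to the local array's capacity silently drops configured groups when `conn->ctx->supported_groups_cnt` is larger, so the handshake proceeds on a truncated list with no error; the same holds for `common_signature_algorithms_cnt` in the next hunk. Rejecting an oversized count where the context is configured, or failing here with `error_print()` and `return -1` as the surrounding branches do, would surface the misconfiguration instead of hiding it. The clamp is also computed from `sizeof(common_supported_groups[0])` while the byte length uses `sizeof(conn->ctx->supported_groups[0])`; these agree only while both arrays share an element type, which is not visible in the hunk, so a comment stating that invariant would help. tls_recv_client_hello starts and ends outside the hunk.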
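Review bot: The clamp's `if` in this hunk is left unbraced, while the identical clamp for `common_supported_groups` in the previous hunk is braced; writing it as `if (conn->ctx->signature_algorithms_cnt < common_signature_algorithms_cnt) {` with a closing brace keeps the two copies consistent and prevents a later line from landing outside the condition. Both hunks repeat the same clamp-then-memcpy sequence under the same `// TODO: unify secure memcpy`, so a small static helper taking destination, capacity, source and count would resolve the TODO and leave one place to audit. The enclosing function continues outside the hunk.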