From d04419a60cad572d8284c740346faa0de22da822 Mon Sep 17 00:00:00 2001
From: bol-van
Date: Sun, 6 Apr 2025 11:43:01 +0300
Subject: [PATCH] nfqws: safety check
---
 nfq/desync.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/nfq/desync.c b/nfq/desync.c
index d2636ce..5bd1397 100644
--- a/nfq/desync.c
+++ b/nfq/desync.c
@@ -657,7 +657,9 @@ static bool runtime_tls_mod(int fake_n,const struct fake_tls_mod_cache *modcache
 }
 if (tls_mod->mod & FAKE_TLS_MOD_DUP_SID)
 {
- if (fake_data[43]!=payload[43])
+ if (payload_len<44)
+ DLOG("fake[%d] cannot apply dupsid tls mod. data payload is too short.\n",fake_n);
+ else if (fake_data[43]!=payload[43])
 DLOG("fake[%d] cannot apply dupsid tls mod. fake and orig session id length mismatch.\n",fake_n);
 else if (payload_len<(44+payload[43]))
 DLOG("fake[%d] cannot apply dupsid tls mod. data payload is not valid.\n",fake_n);
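Review bot: The new `payload_len<44` guard bounds only the read of `payload[43]`; `fake_data[43]` in the following `else if` is still indexed with no length check visible in this hunk. If the code that fills `modcache` does not already guarantee that the fake is at least 44 bytes plus its session-id length, the same out-of-bounds read remains on the fake side, so either add the matching check against the fake buffer's length here or state that invariant in a comment. The bare 43/44 would also be easier to audit with a comment such as `/* 43: session_id length byte of a ClientHello in a TLS record (5+4+2+32); 44: first session_id byte */`. runtime_tls_mod starts before and continues after the hunk, so its full parameter list and the copy that these checks protect are not visible here.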