From 1f64a71cde8966cb9a1ef25dbff3f44dc2719196 Mon Sep 17 00:00:00 2001
From: Yves Rutschle
Date: Sun, 8 Jan 2023 22:50:56 +0100
Subject: [PATCH] fix out-of-bounds read in sslh-ev (fix #368)
---
 gap.h | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/gap.h b/gap.h
index be41375..26690a6 100644
--- a/gap.h
+++ b/gap.h
@@ -32,6 +32,11 @@ static inline int __attribute__((unused)) gap_set(gap_array* gap, int index, voi
 static inline void* __attribute__((unused)) gap_get(gap_array* gap, int index)
 {
+ /* sslh-ev routinely reads before it writes. It's not clear if it should be
+ * its job to check the length (and add a gap_getlen()), or if it should be
+ * gap_get()'s job. This will do for now */
+ if (index >= gap->len) return NULL;
+
 return gap->array[index];
 }
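Review bot: The new guard in gap_get() bounds `index` only from above, so a negative `index` would still reach `gap->array[index]` if `gap->len` is a signed type; its declaration is outside this hunk, so that needs confirming. Since `index` is an `int` (presumably a file descriptor in sslh-ev), I would make the lower bound explicit: `if (index < 0 || index >= gap->len) return NULL;`. Out-of-range reads now return NULL, so each sslh-ev call site has to treat NULL as "no entry" rather than dereference it; those callers are not shown here. The comment could also state the resulting contract, e.g. `/* Returns NULL when index is outside [0, len) */`, so the bounds check is understood as part of the API and not a stopgap.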