TLS/1.0 and 1.1 CH may lack extensions block
diff --git a/lib/picotls.c b/lib/picotls.c
index dc71e66..dcde89c 100644
--- a/lib/picotls.c
+++ b/lib/picotls.c
@@ -3561,9 +3561,14 @@
src = end;
});
- ch->first_extension_at = src - start + 2;
+ /* CH defined in TLS versions below 1.2 do not have extensions; so bail out after parsing the main variables */
+ if (ch->legacy_version < 0x0303) {
+ ret = PTLS_ALERT_PROTOCOL_VERSION;
+ goto Exit;
+ }
/* decode extensions */
+ ch->first_extension_at = src - start + 2;
decode_extensions(src, end, PTLS_HANDSHAKE_TYPE_CLIENT_HELLO, &exttype, {
ch->psk.is_last_extension = 0;
if (ctx->on_extension != NULL && tls_cbarg != NULL &&
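Review bot: The new guard tests only `ch->legacy_version < 0x0303`, so it rejects every pre-1.2 ClientHello whether or not an extensions block follows, while its comment says such hellos "do not have extensions" and the commit title says they "may lack" one. The comment should state the actual policy, e.g. `/* a ClientHello below TLS 1.2 may omit the extensions block and cannot negotiate TLS 1.3 anyway; reject it before decoding extensions */`. A hello with `legacy_version` 0x0303 and no bytes left (`src == end`) still reaches `decode_extensions`; presumably the block decoder fails cleanly there, but a regression test with a hello that ends right after the compression methods would confirm the alert returned. On the early exit `ch->first_extension_at` is no longer assigned, so confirm that no caller reads it when `ret` is non-zero. The enclosing function starts and ends outside this hunk.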