
bound sessionID read in sniffer ProcessServerHello#10631

Open
netliomax25-code wants to merge 1 commit into wolfSSL:master from netliomax25-code:sniffer-serverhello-sessionid-bounds

Conversation

@netliomax25-code

ProcessServerHello copies a fixed ID_LEN bytes of session id out of the captured ServerHello when the session-id length byte is non-zero, but the bounds check before it only ensures that length-byte value plus the cipher suite and compression fields are present. A ServerHello whose session id is shorter than 32 bytes, in a record with no trailing data, makes that copy read past the end of the frame buffer. ProcessClientHello already guards the identical copy with an ID_LEN check against the remaining bytes, so add the same check on the server side before the copy.
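To make the three behaviours under discussion concrete, the following is an added C example, not wolfSSL's sniffer code: a constructed TLS 1.2 ServerHello body with an 8-byte session ID and nothing after the compression byte is fed to (a) the pattern the PR describes (check that the encoded length plus suite plus compression fit, then copy a fixed ID_LEN bytes), reported as the number of bytes such a copy would read past the buffer rather than actually reading them; (b) the PR's added guard, which rejects when fewer than ID_LEN bytes remain; and (c) a length-driven parse along the lines the reviewer suggests, which copies exactly the encoded number of bytes after checking it fits both the buffer and the fixed-size destination. Only ID_LEN is taken from the discussion; the function names, the status codes, the field-size macros and the sample bytes are this example's own assumptions.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* TLS 1.2 ServerHello body layout. ID_LEN is the fixed session-id buffer the
 * PR refers to; the other names are this example's own, not wolfSSL's. */
#define VERSION_SZ 2
#define RAN_LEN    32
#define ID_LEN     32
#define SUITE_LEN  2
#define COMP_LEN   1

enum { SH_OK = 0, SH_TRUNCATED = -1, SH_BAD_ID_LEN = -2 };

typedef struct {
    uint8_t  session_id[ID_LEN];
    int      session_id_len;
    uint16_t cipher_suite;
} server_hello_t;

/* Skip version + random; return bytes left (at least the length byte) or -1. */
static int skip_fixed_prefix(const uint8_t **pp, int remaining)
{
    if (remaining < VERSION_SZ + RAN_LEN + 1)
        return -1;
    *pp += VERSION_SZ + RAN_LEN;
    return remaining - (VERSION_SZ + RAN_LEN);
}

/* (a) Pattern the PR describes. Returns how many bytes a fixed ID_LEN copy
 * would read past the end of the buffer (0 = in bounds, -1 = rejected). */
int fixed_copy_overread(const uint8_t *buf, int remaining)
{
    const uint8_t *p = buf;
    remaining = skip_fixed_prefix(&p, remaining);
    if (remaining < 0) return -1;
    int b = *p++; remaining--;
    if (b + SUITE_LEN + COMP_LEN > remaining) return -1; /* existing check */
    if (b == 0) return 0;
    return ID_LEN > remaining ? ID_LEN - remaining : 0;  /* fixed-size copy */
}

/* (b) The PR's added guard: 1 if the hello is accepted, 0 if rejected. */
int pr_guard_accepts(const uint8_t *buf, int remaining)
{
    const uint8_t *p = buf;
    remaining = skip_fixed_prefix(&p, remaining);
    if (remaining < 0) return 0;
    int b = *p++; remaining--;
    if (b + SUITE_LEN + COMP_LEN > remaining) return 0;
    if (b != 0 && ID_LEN > remaining) return 0;
    return 1;
}

/* (c) Length-driven parse: copy exactly b bytes once b is known to fit. */
int parse_server_hello(const uint8_t *buf, int remaining, server_hello_t *out)
{
    const uint8_t *p = buf;
    remaining = skip_fixed_prefix(&p, remaining);
    if (remaining < 0) return SH_TRUNCATED;
    int b = *p++; remaining--;
    if (b > ID_LEN) return SH_BAD_ID_LEN;               /* destination bound */
    if (b + SUITE_LEN + COMP_LEN > remaining) return SH_TRUNCATED;
    memset(out, 0, sizeof *out);
    memcpy(out->session_id, p, (size_t)b);
    out->session_id_len = b;
    p += b;
    out->cipher_suite = (uint16_t)((p[0] << 8) | p[1]);
    return SH_OK;
}

/* Session-id length on success, negative status otherwise. */
int parsed_session_id_len(const uint8_t *buf, int remaining)
{
    server_hello_t sh;
    int rc = parse_server_hello(buf, remaining, &sh);
    return rc == SH_OK ? sh.session_id_len : rc;
}

/* Constructed sample: TLS 1.2, 32-byte random, 8-byte session id, suite
 * 0xC02F, null compression, no extensions (nothing follows the last byte). */
const uint8_t short_id_hello[] = {
    0x03, 0x03,
    0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
    0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17, 0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,
    0x08,
    0xa1,0xa2,0xa3,0xa4,0xa5,0xa6,0xa7,0xa8,
    0xc0, 0x2f,
    0x00
};
const int short_id_hello_len = (int)sizeof short_id_hello;

int main(void)
{
    printf("fixed ID_LEN copy overreads by %d bytes\n",
           fixed_copy_overread(short_id_hello, short_id_hello_len));
    printf("PR guard accepts: %d\n", pr_guard_accepts(short_id_hello, short_id_hello_len));
    printf("length-driven parse: id len %d\n",
           parsed_session_id_len(short_id_hello, short_id_hello_len));
    return 0;
}
```

With the 46-byte sample, 11 bytes remain after the length byte, so the existing check passes (8 + 2 + 1 = 11) while a 32-byte copy would run 21 bytes past the frame; the PR's guard rejects the same hello outright, and the length-driven parse accepts it with an 8-byte ID. Dropping one byte from the sample makes the existing check itself reject the message, showing that the original check does cover a missing suite or compression byte, just not the fixed-size copy.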

@wolfSSL-Bot

Can one of the admins verify this patch?

@parasol-aser

src/sniffer.c:ProcessServerHello
The new ID_LEN > *sslBytes check rejects complete ServerHello messages that advertise a short nonzero session ID and have no or few extension bytes. A server or pcap using a short nonzero session ID can now make the sniffer mark the flow fatal and remove the session, so affected sniffer deployments lose visibility for that TLS flow; this is flow-level availability/evasion, not a crash or secret disclosure.
Fix: Validate the encoded length (b <= ID_LEN) and copy/set the session ID size from b; if the sniffer intentionally supports only 32-byte nonzero IDs, reject that invariant based on b and add focused pcap coverage for short IDs.


3 participants