diff --git a/demo/demo.cpp b/demo/demo.cpp
index dfafb19..f69e594 100644
--- a/demo/demo.cpp
+++ b/demo/demo.cpp
@@ -127,13 +127,27 @@ int parse_encrypt_server_name(struct _quic_stream *quic_stream, unsigned char *p
 {
 int ext_len=0,used_len=0;
- quic_stream->sni_idx=quic_stream->ext_tag_num++;
- get_value(payload, &used_len, 2); //Server Name List length
+ ext_len=get_value(payload, &used_len, 2); //Server Name List length
+ if(ext_len>0 && ext_len>payload_len)
+ {
+ return 0;
+ }
+
 if(get_value(payload, &used_len, 1)==0) //Server Name type
 {
 ext_len=get_value(payload, &used_len, 2); //Server Name length
+ if(ext_len<0 || ext_len>payload_len)
+ {
+ return 0;
+ }
+
+ quic_stream->sni_idx=quic_stream->ext_tag_num++;
 get_quic_tlv((char *)payload+used_len, &(quic_stream->ext_tags[quic_stream->sni_idx]), ext_len, EXTENSION_SERVER_NAME, thread_seq);
 }
+ else
+ {
+ return 0;
+ }
 return 1;
 }
@@ -141,7 +155,7 @@ int parse_encrypt_server_name(struct _quic_stream *quic_stream, unsigned char *p
 int parse_encrypt_client_hello(void *pstream, struct _quic_stream *quic_stream, void *a_packet, unsigned char *payload, int payload_len)
 {
 int used_len=0;
- int flags=0;
+ int flags=0,ret=0;
 int skip_len=0,client_hello_len=0;
 int ext_type=0, extension_total_len=0;
@@ -193,7 +207,11 @@ int parse_encrypt_client_hello(void *pstream, struct _quic_stream *quic_stream,
 switch(ext_type)
 {
 case EXTENSION_SERVER_NAME:
- parse_encrypt_server_name(quic_stream, payload+used_len, skip_len, 0);
+ ret=parse_encrypt_server_name(quic_stream, payload+used_len, skip_len, 0);
+ if(ret==0)
+ {
+ break;
+ }
 flags=1;
 break;
 case EXTENSION_QUIC_PARAM:
diff --git a/src/gquic_process.cpp b/src/gquic_process.cpp
index f878fb7..d7138d6 100644
--- a/src/gquic_process.cpp
+++ b/src/gquic_process.cpp
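Review bot: In the first demo/demo.cpp hunk (parse_encrypt_server_name), both new length checks compare `ext_len` with the whole `payload_len` and ignore the bytes already consumed, so a Server Name length that is within `payload_len` but larger than `payload_len-used_len` still reaches `get_quic_tlv` and can be read past the end of the extension. Assuming `get_value` advances `used_len` by its third argument, the name check should read `if(ext_len<=0 || ext_len>payload_len-used_len)`, and the 2+1+2 header bytes need a guard such as `if(payload_len<5) return 0;` before the first `get_value`, since they are read before any length is validated. The same two checks in the src/gquic_process.cpp hunk at -1140 have the same gap. The demo copy also lets a zero-length name (`ext_len<0`) and a zero list length (`ext_len>0 && ...`) through where the src copy rejects both with `<=0`; the two copies should agree.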
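Review bot: In the third demo/demo.cpp hunk (the `EXTENSION_SERVER_NAME` case), the bound the callee now enforces is whatever `skip_len` holds, and nothing visible in this hunk shows `skip_len` being limited to the bytes that remain after `payload+used_len`. If that is not checked earlier in parse_encrypt_client_hello, whose body starts and continues outside the hunk, the new `ext_len>payload_len` tests do not stop an over-read; a guard such as `if(skip_len<0 || skip_len>payload_len-used_len)` that rejects the ClientHello before the switch would close it. The same applies to the matching case in src/gquic_process.cpp at -1209. The two copies also test the result differently (`ret==0` here, `ret<=0` there); a single form in both, for example `if(ret==1) flags=1;`, would be easier to keep in sync.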
@@ -1140,11 +1140,21 @@ int parse_encrypt_server_name(struct _quic_stream *quic_stream, unsigned char *p
 {
 int ext_len=0,used_len=0;
- quic_stream->sni_idx=quic_stream->ext_tag_num++;
- get_value(payload, &used_len, 2); //Server Name List length
+ ext_len=get_value(payload, &used_len, 2); //Server Name List length
+ if(ext_len<=0 || ext_len>payload_len)
+ {
+ return 0;
+ }
+
 if(get_value(payload, &used_len, 1)==0) //Server Name type
 {
 ext_len=get_value(payload, &used_len, 2); //Server Name length
+ if(ext_len<=0 || ext_len>payload_len)
+ {
+ return 0;
+ }
+
+ quic_stream->sni_idx=quic_stream->ext_tag_num++;
 get_quic_tlv((char *)payload+used_len, &(quic_stream->ext_tags[quic_stream->sni_idx]), ext_len, EXTENSION_SERVER_NAME, thread_seq);
 }
@@ -1155,7 +1165,7 @@ int parse_encrypt_client_hello(struct streaminfo *pstream, struct _quic_stream *
 {
 int skip_len=0;
 int used_len=0;
- int flags=0;
+ int flags=0,ret=0;
 int ext_type=0, extension_total_len=0;
 get_value(payload, &used_len, 1); //handshake type
@@ -1209,7 +1219,11 @@ int parse_encrypt_client_hello(struct streaminfo *pstream, struct _quic_stream *
 switch(ext_type)
 {
 case EXTENSION_SERVER_NAME:
- parse_encrypt_server_name(quic_stream, payload+used_len, skip_len, pstream->threadnum);
+ ret=parse_encrypt_server_name(quic_stream, payload+used_len, skip_len, pstream->threadnum);
+ if(ret<=0)
+ {
+ break;
+ }
 flags=1;
 break;
 case EXTENSION_QUIC_PARAM:
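Review bot: Unlike the demo copy, the first src/gquic_process.cpp hunk adds no `else { return 0; }` for a non-zero Server Name type, so that path falls through to the function's tail, which is outside the hunk. If the tail returns 1 as the demo copy does, the caller sets `flags=1` although no SNI was stored and `sni_idx` keeps its previous value; mirroring the demo's `else` branch would fix that. Separately, `quic_stream->ext_tag_num++` is used as an index into `ext_tags` with no capacity check visible in either copy; if none exists elsewhere, compare `ext_tag_num` with the array's size and return 0 before the increment.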