diff --git a/kni_entry.c b/kni_entry.c
index 390a8cf..5efabc2 100644
--- a/kni_entry.c
+++ b/kni_entry.c
@@ -410,6 +410,7 @@ int kni_judge_ssl(int thread_seq,char* tcp_data,int tcp_datalen,char* sni,int* s
 
 //ssl extention
 	ssl_extention=ssl_body+ssl_body_len;
+	if(ssl_body - tcp_data + ssl_body_len >= tcp_datalen) return KNI_FLAG_UNKNOW;
 
 	extension_len_less=ntohs(*(unsigned short*)&ssl_extention[ext_offset]);
 	if(extension_len_less!=len_in_body-2-32-1-session_id_len-2-ciphersuite_len-1-compression_method_len-2)