From 223903717ac5e72db0603905f8ce7269445e390f Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Fri, 2 Mar 2018 09:38:11 -0700
Subject: [PATCH] add sanity check for short read

---
 src/tls.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/tls.c b/src/tls.c
index c6bf6cdc2..2fb8bd422 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -2618,6 +2618,10 @@ static int TLSX_CSR2_Parse(WOLFSSL* ssl, byte* input, word16 length,
         word16 size = 0;
 
         /* list size */
+        if (offset + OPAQUE16_LEN >= length) {
+            return BUFFER_E;
+        }
+
         ato16(input + offset, &request_length);
         offset += OPAQUE16_LEN;