From 2590aebfd9c5169e51724208481e3102217fa3c7 Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
Date: Thu, 30 Jan 2025 17:59:48 +0100
Subject: [PATCH] dtls13: don't overrun hdr->epoch

---
 src/dtls13.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/dtls13.c b/src/dtls13.c
index d2516564b..a9beec6ca 100644
--- a/src/dtls13.c
+++ b/src/dtls13.c
@@ -185,7 +185,8 @@ int Dtls13RlAddPlaintextHeader(WOLFSSL* ssl, byte* out,
     /* seq[0] combines the epoch and 16 MSB of sequence number. We write on the
        epoch field and will overflow to the first two bytes of the sequence
        number */
-    c32toa(seq[0], hdr->epoch);
+    c16toa((word16)(seq[0] >> 16), hdr->epoch);
+    c16toa((word16)seq[0], hdr->sequenceNumber);
     c32toa(seq[1], &hdr->sequenceNumber[2]);
 
     c16toa(length, hdr->length);