From 400d3c696370e6d6c1812b704987b85ed249b2fc Mon Sep 17 00:00:00 2001
From: Marco Oliverio <marco@wolfssl.com>
Date: Tue, 20 Sep 2022 09:30:30 +0200
Subject: [PATCH] dtls13: Dtls13ParseUnifiedRecordLayer: add overflow check

---
 src/dtls13.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/dtls13.c b/src/dtls13.c
index d1389ded2..09c04c486 100644
--- a/src/dtls13.c
+++ b/src/dtls13.c
@@ -1362,6 +1362,8 @@ int Dtls13ParseUnifiedRecordLayer(WOLFSSL* ssl, const byte* input,
        to create record number xor mask). (draft 43 - Sec 4.2.3) */
     if (hdrInfo->recordLength < DTLS13_RN_MASK_SIZE)
         return LENGTH_ERROR;
+    if (inputSize < idx + DTLS13_RN_MASK_SIZE)
+        return BUFFER_ERROR;
 
     ret = Dtls13EncryptDecryptRecordNumber(ssl, seqNum, seqLen, input + idx,
         DEPROTECT);