From 41f3a006acb00db40b3b821b30836c2e1aeed8ba Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh
Date: Tue, 8 Jun 2021 00:37:31 +0700
Subject: [PATCH] sanity check on padding size imported
---
 src/internal.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/internal.c b/src/internal.c
index 1bd033218..c6d83d7e6 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -855,6 +855,11 @@ static int ImportCipherSpecState(WOLFSSL* ssl, const byte* exp, word32 len,
 specs->pad_size = exp[idx++];
 specs->static_ecdh = exp[idx++];
 
+ if (specs->pad_size != PAD_MD5 && specs->pad_size != PAD_SHA) {
+ WOLFSSL_MSG("Importing bad or unknown pad size");
+ return BAD_STATE_E;
+ }
+
 /* temporarly save the sequence numbers */
 tmp_seq_peer_lo = ssl->keys.peer_sequence_number_lo;
 tmp_seq_peer_hi = ssl->keys.peer_sequence_number_hi;
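Review bot: The added `pad_size` check runs only after the imported byte has already been written through `specs`, so on the `BAD_STATE_E` return the out-of-range value stays in that structure; if `specs` points into the live `ssl` object (its assignment is outside the hunk), a caller that keeps the object after a failed import still holds the bad value. Testing the byte before the store avoids this, e.g. `if (exp[idx] != PAD_MD5 && exp[idx] != PAD_SHA)` with the same message and return placed ahead of `specs->pad_size = exp[idx++];`; otherwise a comment should state that the object must be discarded on any import error. `static_ecdh`, read on the line just before the check, is still accepted without any range check, and if it is meant to be a 0/1 flag it deserves the same validation. The body of ImportCipherSpecState starts and ends outside the hunk, so the handling of the other imported fields cannot be confirmed from here.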