Merge pull request #2842 from julek-wolfssl/set_curve_groups_list

Check length to avoid XSTRNCMP accessing  memory after `list`

src/ssl.c

@@ -35084,7 +35084,7 @@ const char* wolfSSL_EC_curve_nid2nist(int nid)
 static int populate_groups(int* groups, int max_count, char *list)
 {
     char *end;
-    size_t len;
+    int len;
     int count = 0;
     const WOLF_EC_NIST_NAME* nist_name;
 
@@ -35098,15 +35098,16 @@ static int populate_groups(int* groups, int max_count, char *list)
             return -1;
         }
         while (*end != ':' && *end != '\0') end++;
-        len = end - list; /* end points to char after end
+        len = (int)(end - list); /* end points to char after end
-                           * of curve name so no need for -1 */
+                                  * of curve name so no need for -1 */
         if ((len < kNistCurves_MIN_NAME_LEN) ||
                 (len > kNistCurves_MAX_NAME_LEN)) {
             WOLFSSL_MSG("Unrecognized curve name in list");
             return -1;
         }
         for (nist_name = kNistCurves; nist_name->name != NULL; nist_name++) {
-            if (XSTRNCMP(list, nist_name->name, nist_name->name_len) == 0) {
+            if (len == nist_name->name_len &&
+                    XSTRNCMP(list, nist_name->name, nist_name->name_len) == 0) {
                 break;
             }
         }