From 70d03f3ba03522a47dcafe1d2dc6edf9fbcb89f7 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Tue, 14 Apr 2020 10:13:37 -0700
Subject: [PATCH] DTLS Fuzz Fix Only save a next epoch message if it is in the
 next epoch, not any future epoch.

---
 src/internal.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/internal.c b/src/internal.c
index f207d4d4f..11142fcfc 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -14747,7 +14747,8 @@ int ProcessReply(WOLFSSL* ssl)
                                        &ssl->curRL, &ssl->curSize);
 #ifdef WOLFSSL_DTLS
             if (ssl->options.dtls && ret == SEQUENCE_ERROR) {
-                if (ssl->keys.curEpoch != 0) {
+                if (ssl->keys.curEpoch == ssl->keys.dtls_epoch + 1) {
+                    /* Store if in the next epoch. Probably finished. */
                     word32 sz = ssl->buffers.inputBuffer.length -
                                 ssl->buffers.inputBuffer.idx +
                                 DTLS_RECORD_HEADER_SZ;