From 7c93912f1d49d24cd7b6fb91d1284a209ac3a576 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Sun, 22 May 2016 16:10:47 -0700
Subject: [PATCH] reject messages that are too far from the future

---
 src/internal.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/internal.c b/src/internal.c
index 649ae522f..5d7e61359 100755
--- a/src/internal.c
+++ b/src/internal.c
@@ -6542,6 +6542,9 @@ static INLINE int DtlsCheckWindow(DtlsState* state)
     else if ((cur < next) && (window & ((DtlsSeq)1 << (next - cur - 1)))) {
         return 0;
     }
+    else if (cur > next + DTLS_SEQ_BITS) {
+        return 0;
+    }
 
     return 1;
 }