From 7e6b3a86d599aca60056582340e6581461587229 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Thu, 14 Aug 2014 15:14:29 -0700
Subject: [PATCH] Added more bounds checking when saving a DTLS message fragment.
---
 src/internal.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/internal.c b/src/internal.c
index eb7baccb5..fb7b42217 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -2267,7 +2267,9 @@ void DtlsMsgListDelete(DtlsMsg* head, void* heap)
 void DtlsMsgSet(DtlsMsg* msg, word32 seq, const byte* data, byte type,
 word32 fragOffset, word32 fragSz)
 {
- if (msg != NULL && data != NULL && msg->fragSz <= msg->sz) {
+ if (msg != NULL && data != NULL && msg->fragSz <= msg->sz &&
+ fragOffset < msg->sz && (fragOffset + fragSz) <= msg->sz) {
+
 msg->seq = seq;
 msg->type = type;
 msg->fragSz += fragSz;
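Review bot: The added test `(fragOffset + fragSz) <= msg->sz` in DtlsMsgSet is evaluated in word32 arithmetic, so a sufficiently large fragSz can wrap the sum to a small value and still satisfy the bound. Because the preceding clause already establishes `fragOffset < msg->sz`, comparing against the remaining space cannot wrap: `fragOffset < msg->sz && fragSz <= msg->sz - fragOffset) {`. If every caller already limits both values to the 24-bit handshake header fields the wrap is presumably unreachable, but nothing in this function enforces that, so a short comment stating the assumption would help if the expression is kept. The body of DtlsMsgSet continues past the end of the hunk, so the copy that consumes fragOffset and fragSz is not visible here.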