From 8bba628f3f9e6b74cb5a28f3a9bca9a097c7d613 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Thu, 30 Jun 2016 13:42:38 -0600
Subject: [PATCH] sanity check in function GetInputData and when shrinking
 buffer

---
 src/internal.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index a7c533114..7efe08934 100755
--- a/src/internal.c
+++ b/src/internal.c
@@ -4814,7 +4814,7 @@ void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree)
 
     WOLFSSL_MSG("Shrinking input buffer\n");
 
-    if (!forcedFree && usedLength)
+    if (!forcedFree && usedLength > 0)
         XMEMCPY(ssl->buffers.inputBuffer.staticBuffer,
                ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx,
                usedLength);
@@ -8902,14 +8902,16 @@ static int GetInputData(WOLFSSL *ssl, word32 size)
     }
 #endif
 
+    /* check that no lengths or size values are negative */
+    if (usedLength < 0 || maxLength < 0 || inSz <= 0) {
+        return BUFFER_ERROR;
+    }
+
     if (inSz > maxLength) {
         if (GrowInputBuffer(ssl, size + dtlsExtra, usedLength) < 0)
             return MEMORY_E;
     }
 
-    if (inSz <= 0)
-        return BUFFER_ERROR;
-
     /* Put buffer data at start if not there */
     if (usedLength > 0 && ssl->buffers.inputBuffer.idx != 0)
         XMEMMOVE(ssl->buffers.inputBuffer.buffer,