From 9c7bea46d24b4dab092adb299b2717ddee8e7a44 Mon Sep 17 00:00:00 2001
From: Chris Conlon
Date: Fri, 24 Jun 2016 14:42:06 -0600
Subject: [PATCH] fix out of bounds read in PemToDer with 0 size der buffer, CU #4
---
 src/ssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ssl.c b/src/ssl.c
index d4fcaa0ba..5902ef8c2 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -3551,7 +3551,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
 /* set up der buffer */
 neededSz = (long)(footerEnd - headerEnd);
- if (neededSz > sz || neededSz < 0)
+ if (neededSz > sz || neededSz <= 0)
 return SSL_BAD_FILE;
 ret = AllocDer(pDer, (word32)neededSz, type, heap);
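Review bot: The new `neededSz <= 0` test has no comment saying why a zero-length body is rejected; the reason appears only in the commit subject (a 0-size der buffer being read out of bounds later in PemToDer). I would add above the `if`: `/* an empty body would yield a 0-byte der buffer that later code reads past */`. The code that performs that read lies outside this hunk, so it is worth confirming there whether AllocDer or the decode step should also refuse a zero length as a second line of defence. A regression test that feeds a PEM whose footer directly follows its header and expects SSL_BAD_FILE would keep this boundary from slipping back.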