From a09e3bb3e742964ce548d336f3de8849ded75640 Mon Sep 17 00:00:00 2001
From: Colton Willey <colton@wolfssl.com>
Date: Fri, 16 Aug 2024 10:43:11 -0700
Subject: [PATCH] Use signed variable for length calculation in
 SendTls13Certificate

---
 src/tls13.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/tls13.c b/src/tls13.c
index 55c9fabe5..f20f43255 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -8459,12 +8459,13 @@ static int SendTls13Certificate(WOLFSSL* ssl)
     int    ret = 0;
     word32 certSz, certChainSz, headerSz, listSz, payloadSz;
     word16 extSz = 0;
-    word32 length, maxFragment;
+    word32 maxFragment;
     word32 len = 0;
     word32 idx = 0;
     word32 offset = OPAQUE16_LEN;
     byte*  p = NULL;
     byte   certReqCtxLen = 0;
+    sword32 length;
 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
     byte*  certReqCtx = NULL;
 #endif
@@ -8510,7 +8511,7 @@ static int SendTls13Certificate(WOLFSSL* ssl)
         listSz = 0;
     }
     else {
-        if (!ssl->buffers.certificate) {
+        if (!ssl->buffers.certificate || !ssl->buffers.certificate) {
             WOLFSSL_MSG("Send Cert missing certificate buffer");
             return NO_CERT_ERROR;
         }