From 4b3f6ada8a342df16d2aff1309013aa9a0b825ae Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz
Date: Thu, 15 Sep 2022 16:18:24 +0200
Subject: [PATCH 1/2] Do not allow 0 size DtlsMsg
---
 src/internal.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/internal.c b/src/internal.c
index 6cc3427a5..38e5c352e 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -8147,6 +8147,11 @@ DtlsMsg* DtlsMsgNew(word32 sz, byte tx, void* heap)
     DtlsMsg* msg;
     WOLFSSL_ENTER("DtlsMsgNew()");
+    if (sz == 0) {
+        WOLFSSL_MSG("DtlsMsgNew: sz == 0 not allowed");
+        return NULL;
+    }
+
     (void)heap;
     msg = (DtlsMsg*)XMALLOC(sizeof(DtlsMsg), heap, DYNAMIC_TYPE_DTLS_MSG);
@@ -8629,7 +8634,6 @@ int DtlsMsgPoolSave(WOLFSSL* ssl, const byte* data, word32 dataSz,
         DtlsMsg* cur = ssl->dtls_tx_msg_list;
         XMEMCPY(item->raw, data, dataSz);
-        item->sz = dataSz;
         item->epoch = ssl->keys.dtls_epoch;
         item->seq = ssl->keys.dtls_handshake_number;
         item->type = type;
From 9ef10b54358794f172994c49a02f815942bf8eea Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz
Date: Fri, 16 Sep 2022 12:13:12 +0200
Subject: [PATCH 2/2] Check return of DtlsMsgCreateFragBucket()
---
 src/internal.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index 38e5c352e..2594f1a53 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -8427,8 +8427,13 @@ int DtlsMsgSet(DtlsMsg* msg, word32 seq, word16 epoch, const byte* data, byte ty
         if (msg->fragBucketList == NULL) {
             /* Clean list. Create first fragment. */
             msg->fragBucketList = DtlsMsgCreateFragBucket(fragOffset, data, fragSz, heap);
-            msg->bytesReceived = fragSz;
-            msg->fragBucketListCount++;
+            if (msg->fragBucketList != NULL) {
+                msg->bytesReceived = fragSz;
+                msg->fragBucketListCount++;
+            }
+            else {
+                return MEMORY_ERROR;
+            }
         }
         else {
             /* See if we can expand any existing bucket to fit this new data into */
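Review bot: The new zero-size guard at the top of DtlsMsgNew returns NULL with no comment saying why an empty message is refused, and since allocation failure later in the function presumably also yields NULL, a caller cannot tell a rejected size from an out-of-memory condition. Suggest a short comment above the check, e.g. `/* A DtlsMsg must carry at least one byte; rejecting sz == 0 here keeps any buffer sized from sz below from being zero-length. */`, adjusted if the later allocation does not use sz. The function's header comment, which sits outside the hunk, should state the same sz != 0 precondition and the NULL return. DtlsMsgNew's body continues past the last hunk line.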
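Review bot: The NULL check on DtlsMsgCreateFragBucket() in DtlsMsgSet is written as a nested if/else wrapped around the success path, where a guard clause keeps the two original assignments at their previous nesting depth: `if (msg->fragBucketList == NULL) { return MEMORY_ERROR; }` followed by the unchanged `msg->bytesReceived = fragSz;` and `msg->fragBucketListCount++;`. The failure path itself looks sound, since bytesReceived and fragBucketListCount are left untouched when the list stays empty. The commit message promises to check the return of DtlsMsgCreateFragBucket(), but only this call site is in the hunk; if the else branch starting on the last hunk line also creates buckets, those calls presumably need the same check. DtlsMsgSet's body runs past both ends of the hunk.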