From b85637e06baa1ca858b8438c7e67d6dcdbf3e38e Mon Sep 17 00:00:00 2001
From: Nickolas Lapp <nick@wolfssl.com>
Date: Mon, 27 Jul 2015 10:43:49 -0600
Subject: [PATCH] Fixed bug when getting PEM encoded sz. Add idx check

---
 src/ssl.c              | 2 +-
 wolfcrypt/src/coding.c | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 5b7cc6f5e..0cb454215 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -15481,7 +15481,7 @@ int  wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
     word32 szNeeded = 0;
 
     WOLFSSL_ENTER("wolfSSL_get_chain_cert_pem");
-    if (!chain || !outLen)
+    if (!chain || !outLen || idx < 0 || idx >= wolfSSL_get_chain_count(chain))
         return BAD_FUNC_ARG;
 
     /* Null output buffer return size needed in outLen */
diff --git a/wolfcrypt/src/coding.c b/wolfcrypt/src/coding.c
index 21d10f9e9..c631d2960 100644
--- a/wolfcrypt/src/coding.c
+++ b/wolfcrypt/src/coding.c
@@ -225,7 +225,7 @@ static int CEscape(int escaped, byte e, byte* out, word32* i, word32 max,
     }
     *i = idx;
 
-    return getSzOnly ? LENGTH_ONLY_E : 0;
+    return 0;
 }
 
 
@@ -319,6 +319,8 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
         return ASN_INPUT_E;
 
     *outLen = i;
+    if(ret == 0)
+        return getSzOnly ? LENGTH_ONLY_E : 0;
     return ret;
 }