From bf6300323739a6a1fe5a643bc3dd19889b1f7113 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Wed, 20 Jun 2018 16:48:40 -0600
Subject: [PATCH] sanity check before reading word16 from buffer

---
 src/tls13.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/tls13.c b/src/tls13.c
index cb30d0536..ac9bd57eb 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -2866,6 +2866,8 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #endif
     {
         /* Get extension length and length check. */
+        if ((i - begin) + OPAQUE16_LEN > helloSz)
+            return BUFFER_ERROR;
         ato16(&input[i], &totalExtSz);
         i += OPAQUE16_LEN;
         if ((i - begin) + totalExtSz > helloSz)