From d6b4b27cd15477152b2d52b61b0122b32be8d9e8 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Mon, 18 Mar 2024 16:42:15 +0700
Subject: [PATCH] CID 299893 out of bounds read with XMEMCMP
---
 src/tls13.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/tls13.c b/src/tls13.c
index 512d16e9c..9a2e240cd 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -10382,7 +10382,8 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 if (sniff == NO_SNIFF) {
 /* Actually check verify data. */
- if (XMEMCMP(input + *inOutIdx, mac, size) != 0){
+ if (size > WC_MAX_DIGEST_SIZE ||
+ XMEMCMP(input + *inOutIdx, mac, size) != 0){
 WOLFSSL_MSG("Verify finished error on hashes");
 SendAlert(ssl, alert_fatal, decrypt_error);
 WOLFSSL_ERROR_VERBOSE(VERIFY_FINISHED_ERROR);
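Review bot: The added `size > WC_MAX_DIGEST_SIZE` test in the `sniff == NO_SNIFF` branch is only an upper bound on the read of `mac`. It does not tie `size` to the length of the Finished MAC that was actually computed, so a smaller `size` would make XMEMCMP compare just a prefix unless an exact-length check exists elsewhere. DoTls13Finished begins and ends outside this hunk, so the declaration of `mac` and any earlier validation of `size` against the computed MAC length or the remaining input are not visible here. If the computed length is in scope at this point, comparing `size` to it for equality would be tighter than the upper bound. A comment above the condition, for example `/* size comes from the message; never compare past mac's capacity (presumably WC_MAX_DIGEST_SIZE) */`, would also record why the guard must precede the XMEMCMP call.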