From 5d498471478a87c650d1d4a402c028f9f851c754 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh
Date: Fri, 19 Nov 2021 13:55:03 -0700
Subject: [PATCH] sanity check on pem size
---
 src/ssl.c | 28 +++++++++++++++++-----------
 1 file changed, 17 insertions(+), 11 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index aba4ea5c4..8c49b1503 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -43032,10 +43032,11 @@ cleanup:
 return NULL;
 }
- pem = (unsigned char*)XMALLOC(l, 0, DYNAMIC_TYPE_PEM);
+ pemSz = (int)l;
+ pem = (unsigned char*)XMALLOC(pemSz, 0, DYNAMIC_TYPE_PEM);
 if (pem == NULL) return NULL;
- XMEMSET(pem, 0, l);
+ XMEMSET(pem, 0, pemSz);
 i = 0;
 if (wc_PemGetHeaderFooter(type, NULL, &footer) != 0) {
@@ -43069,15 +43070,20 @@ cleanup:
 #else
 (void)l;
 #endif
- pemSz = (int)i;
- #ifdef WOLFSSL_CERT_REQ
- if (type == CERTREQ_TYPE)
- x509 = wolfSSL_X509_REQ_load_certificate_buffer(pem, pemSz,
- WOLFSSL_FILETYPE_PEM);
- else
- #endif
- x509 = wolfSSL_X509_load_certificate_buffer(pem, pemSz,
- WOLFSSL_FILETYPE_PEM);
+ if (i > pemSz) {
+ WOLFSSL_MSG("Error parsing PEM");
+ }
+ else {
+ pemSz = (int)i;
+ #ifdef WOLFSSL_CERT_REQ
+ if (type == CERTREQ_TYPE)
+ x509 = wolfSSL_X509_REQ_load_certificate_buffer(pem, pemSz,
+ WOLFSSL_FILETYPE_PEM);
+ else
+ #endif
+ x509 = wolfSSL_X509_load_certificate_buffer(pem, pemSz,
+ WOLFSSL_FILETYPE_PEM);
+ }
 if (x != NULL) {
 *x = x509;
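Review bot: The narrowing cast in `pemSz = (int)l;` (first hunk, `@@ -43032`) is not range-checked in the visible lines, so a value of `l` above INT_MAX would truncate or turn negative before it reaches `XMALLOC(pemSz, ...)` and `XMEMSET(pem, 0, pemSz)`, where a negative int converts to a very large size. The cast suggests `l` is wider than int, but its declaration and the check that ends in the `return NULL;` context line are outside the hunk, so this may already be excluded. If it is not, a guard before the cast such as `if (l <= 0 || l > INT_MAX) return NULL;` would make the bound explicit. The enclosing function starts and ends outside the hunk.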
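Review bot: The new `if (i > pemSz)` test (second hunk, `@@ -43069`) runs only after `i` has been advanced, so it can report an overrun of the `pemSz`-byte `pem` buffer but cannot prevent one. The code that fills `pem` and increments `i` lies between the two hunks and is not visible here; if it stores to `pem[i]` without comparing against `pemSz`, the write past the allocation has already happened by the time this branch logs "Error parsing PEM". Enforcing the bound where the bytes are stored, for example by adding `i < pemSz` to that loop's condition, would close the gap, with this check kept as a backstop. On the error branch `x509` keeps its initial value and is then assigned to `*x`, so it is worth confirming that its declaration, which is outside the hunk, initialises it to NULL.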