From 1576cf9edcbf97eff34786c55e491f33b1af45ed Mon Sep 17 00:00:00 2001 From: Reda Chouk Date: Wed, 15 Apr 2026 14:36:35 +0200 Subject: [PATCH] add exact-boundary tests at wolfssl_quic_max_record_capacity and cap+1 to catch off-by-onee mutations in the early data capacity check --- tests/quic.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/tests/quic.c b/tests/quic.c index 1326692260..3e8ed2a428 100644 --- a/tests/quic.c +++ b/tests/quic.c @@ -412,7 +412,21 @@ static int test_quic_record_cap(void) { wolfSSL_free(ssl); ssl = NULL; - /* early_data within cap must succeed */ + /* early_data at exactly cap must succeed */ + ExpectNotNull(ssl = wolfSSL_new(ctx)); + ExpectTrue(provide_data(ssl, wolfssl_encryption_early_data, buf, + WOLFSSL_QUIC_MAX_RECORD_CAPACITY, 0)); + wolfSSL_free(ssl); + ssl = NULL; + + /* early_data at cap+1 must be rejected */ + ExpectNotNull(ssl = wolfSSL_new(ctx)); + ExpectTrue(provide_data(ssl, wolfssl_encryption_early_data, buf, + (size_t)WOLFSSL_QUIC_MAX_RECORD_CAPACITY + 1U, 1)); + wolfSSL_free(ssl); + ssl = NULL; + + /* early_data well within cap must succeed */ ExpectNotNull(ssl = wolfSSL_new(ctx)); ExpectTrue(provide_data(ssl, wolfssl_encryption_early_data, buf, 1024, 0)); wolfSSL_free(ssl);