From 36b64fb5ae609b782bd0e742fe2d4ec52e3064c2 Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
Date: Thu, 23 Oct 2025 13:27:44 +0200
Subject: [PATCH] x509: make sure pem buffer will be large enough to hold pem
 header

Found with Fil-C compiler
---
 src/x509.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/x509.c b/src/x509.c
index 988cb32ba..17a5ac2dd 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -12368,7 +12368,7 @@ WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(XFILE fp,
             return WOLFSSL_FAILURE;
         }
 
-        if ((l = wolfSSL_BIO_get_len(bio)) <= 0) {
+        if ((l = wolfSSL_BIO_get_len(bio)) <= pem_struct_min_sz) {
             /* No certificate in buffer */
             WOLFSSL_ERROR(ASN_NO_PEM_HEADER);
             return WOLFSSL_FAILURE;