From 50448ef7c696540a8de89f80cbac088619993837 Mon Sep 17 00:00:00 2001 From: Ruby Martin Date: Wed, 25 Mar 2026 10:22:10 -0600 Subject: [PATCH] add guard for integer underflow in DecryptTls13 --- src/tls13.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/tls13.c b/src/tls13.c index e63e824d79..870c8f94a5 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -2966,11 +2966,15 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz, const byte* aad, word16 aadSz) { int ret = 0; - word16 dataSz = sz - ssl->specs.aead_mac_size; + word16 dataSz; word16 macSz = ssl->specs.aead_mac_size; word32 nonceSz = 0; WOLFSSL_ENTER("DecryptTls13"); + if (sz < ssl->specs.aead_mac_size) { + return BAD_FUNC_ARG; + } + dataSz = sz - ssl->specs.aead_mac_size; #if defined(WOLFSSL_RENESAS_TSIP_TLS) ret = tsip_Tls13AesDecrypt(ssl, output, input, sz);