From 65aeb71d6c209a12c6f4b5fd11e466c9ed491b12 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Thu, 22 Aug 2019 11:36:35 -0600
Subject: [PATCH] sanity check on buffer size before reading short

---
 src/tls.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/tls.c b/src/tls.c
index e6dcd0858..d39c1076d 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -8024,6 +8024,8 @@ static int TLSX_PreSharedKey_Parse(WOLFSSL* ssl, byte* input, word16 length,
         list = (PreSharedKey*)extension->data;
 
         /* Length of binders. */
+        if (idx + OPAQUE16_LEN > length)
+            return BUFFER_E;
         ato16(input + idx, &len);
         idx += OPAQUE16_LEN;
         if (len < MIN_PSK_BINDERS_LEN || length - idx < len)