From 608083f5591310aab51158d61341e758f7c59927 Mon Sep 17 00:00:00 2001
From: Eric Blankenhorn <eric@wolfssl.com>
Date: Wed, 17 Feb 2021 12:19:42 -0600
Subject: [PATCH] Add more checks for name->sz

---
 src/ssl.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 8fa25bbf4..f2c50075b 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -45602,14 +45602,17 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
     }
 #else
     if (flags == XN_FLAG_RFC2253) {
-        if (wolfSSL_BIO_write(bio, name->name + 1, name->sz - 2)
-                                                                != name->sz - 2)
+        if ((name->sz < 3) ||
+            (wolfSSL_BIO_write(bio, name->name + 1, name->sz - 2)
+                                                            != name->sz - 2))
             return WOLFSSL_FAILURE;
     }
 #endif /* WOLFSSL_APACHE_HTTPD || OPENSSL_ALL || WOLFSSL_NGINX */
-    else if (wolfSSL_BIO_write(bio, name->name, name->sz - 1) != name->sz - 1)
+    else {
+        if ((name->sz < 2) ||
+            (wolfSSL_BIO_write(bio, name->name, name->sz - 1) != name->sz - 1))
         return WOLFSSL_FAILURE;
-
+    }
     return WOLFSSL_SUCCESS;
 }
 #endif /* !NO_BIO */