From 635d326812d9c188b61f64054f17a92f3fc941a8 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Mon, 18 Mar 2024 15:03:04 +0700
Subject: [PATCH] CID 337232 sanity check on tainted scalar
---
 src/quic.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/quic.c b/src/quic.c
index 02622a7e4..f9e3b4c57 100644
--- a/src/quic.c
+++ b/src/quic.c
@@ -129,6 +129,13 @@ static int quic_record_append(WOLFSSL *ssl, QuicRecord *qr, const uint8_t *data,
 consumed = missing;
 
 qr->len = qr_length(qr->data, qr->end);
+
+ /* sanity check on length read from wire before use */
+ if (qr->len > (len + qr->capacity)) {
+ ret = BUFFER_E;
+ goto cleanup;
+ }
+
 if (qr->len > qr->capacity) {
 uint8_t *ndata = (uint8_t*)XREALLOC(qr->data, qr->len, ssl->heap,
 DYNAMIC_TYPE_TMP_BUFFER);
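Review bot: The new guard `if (qr->len > (len + qr->capacity))` bounds the wire-supplied length by a sum that can itself wrap, and by `len`, which appears to be the amount of input passed to this call rather than a fixed protocol limit. The declarations of `len` and `qr->capacity` are outside the hunk, so their widths are not visible, but a subtraction form avoids the wrap either way: `if (qr->len > qr->capacity && (qr->len - qr->capacity) > len) {`. Because the limit scales with `len`, the `XREALLOC` to `qr->len` just below can still grow as far as the wire value says whenever the call carries enough data, and a record whose body arrives in a later call may be rejected with `BUFFER_E`; both are worth confirming against the callers, and if an absolute maximum record size applies on this path the check should compare against it as well. The comment would help more if it stated what the bound means, e.g. `/* wire length may exceed current capacity by at most the bytes still unread in this call */`.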