From 68422e84de6eeee65cf6a9602e3e3d252c2d8ca9 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Mon, 15 Jun 2026 16:49:54 -0600 Subject: [PATCH] additional sanity check on alert message size --- src/internal.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/internal.c b/src/internal.c index 2f822d081f..6bf9927a54 100644 --- a/src/internal.c +++ b/src/internal.c @@ -22127,7 +22127,8 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type) dataSz -= ssl->keys.padSz; /* make sure can read the message */ - if (dataSz != ALERT_SIZE) { + if (dataSz != ALERT_SIZE || + *inOutIdx + ALERT_SIZE > ssl->buffers.inputBuffer.length) { #ifdef WOLFSSL_EXTRA_ALERTS SendAlert(ssl, alert_fatal, unexpected_message); #endif