From 71943844d699c0090abc4f8a094a7110191bcdf4 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Thu, 21 Nov 2019 14:51:35 -0800
Subject: [PATCH] Maintenance: OCSP 1. Add a couple more bounds checks to wolfIO_HttpProcessResponseBuf().
---
 src/wolfio.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/wolfio.c b/src/wolfio.c
index 5301362c7..8e72821fc 100644
--- a/src/wolfio.c
+++ b/src/wolfio.c
@@ -980,6 +980,11 @@ static int wolfIO_HttpProcessResponseBuf(int sfd, byte **recvBuf,
 (void)heap;
 (void)dynType;
 
+ if (chunkSz < 0 || len < 0) {
+ WOLFSSL_MSG("wolfIO_HttpProcessResponseBuf invalid chunk or length size");
+ return MEMORY_E;
+ }
+
 if (newRecvSz <= 0) {
 WOLFSSL_MSG("wolfIO_HttpProcessResponseBuf new receive size overflow");
 return MEMORY_E;
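Review bot: The `newRecvSz <= 0` overflow test just below the added guard still detects overflow only after the sum has been formed. Nothing in the hunk assigns newRecvSz, so it is presumably computed from chunkSz before either check runs, and signed overflow in that addition is undefined behaviour that the compiler may optimise around. If these sizes come from the peer's HTTP/OCSP response, as the function name suggests, the bound should be checked before adding, e.g. `if (chunkSz > INT_MAX - curSz) return MEMORY_E;`, where `curSz` is a placeholder for the existing receive-buffer size. The new guard also does not relate `len` to `chunkSz` or to the new buffer size; whether a later copy bounds it cannot be seen here, since the function body starts and continues outside the hunk. A short comment above the guard saying where chunkSz and len originate would also help.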