From 94d9ce1dfa1c8ca4292bbe9eefccb512e56c3719 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Wed, 8 May 2019 09:33:35 -0600
Subject: [PATCH] sanity check on buffer size

---
 src/tls.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/tls.c b/src/tls.c
index 905ba0320..4c1139bf4 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -10133,6 +10133,11 @@ int TLSX_ParseVersion(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
         word16 type;
         word16 size;
 
+        if (offset + (2 * OPAQUE16_LEN) > length) {
+            ret = BUFFER_ERROR;
+            break;
+        }
+
         ato16(input + offset, &type);
         offset += HELLO_EXT_TYPE_SZ;