Merge pull request #2889 from JacobBarthelmeh/SanityChecks

sanity check on input length before secure renegotiation compare

src/tls.c

@@ -4793,6 +4793,11 @@ static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, byte* input,
                 }
             }
             else if (*input == TLS_FINISHED_SZ) {
+                if (length < TLS_FINISHED_SZ + 1) {
+                    WOLFSSL_MSG("SCR malformed buffer");
+                    ret = BUFFER_E;
+                }
+                else {
                     input++; /* get past size */
 
                     /* validate client verify data */
@@ -4807,6 +4812,7 @@ static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, byte* input,
                         WOLFSSL_MSG("SCR client verify data Failure");
                     }
                 }
+            }
         #endif
         }
         else {