From b3e90bef47b8bc21410af49a4ddbf6262b749447 Mon Sep 17 00:00:00 2001 From: aidan garske Date: Thu, 25 Jun 2026 14:27:05 -0700 Subject: [PATCH] F-5856 - Check QUIC early data length before narrowing to word32 --- src/quic.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/quic.c b/src/quic.c index d178f66bce..5df8b29dc0 100644 --- a/src/quic.c +++ b/src/quic.c @@ -75,12 +75,12 @@ static QuicRecord *quic_record_make(WOLFSSL *ssl, XMEMSET(qr, 0, sizeof(*qr)); qr->level = level; if (level == wolfssl_encryption_early_data) { - qr->capacity = qr->len = (word32)len; - if (qr->capacity > WOLFSSL_QUIC_MAX_RECORD_CAPACITY) { + if (len > (size_t)WOLFSSL_QUIC_MAX_RECORD_CAPACITY) { WOLFSSL_MSG("QUIC early data length larger than expected"); quic_record_free(ssl, qr); return NULL; } + qr->capacity = qr->len = (word32)len; } else { qr->capacity = qr->len = (word32) qr_length(data, len);