From b4c0301f5762aaa4061d7ce155b67d9386b76908 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Thu, 25 Mar 2021 22:59:14 +0700
Subject: [PATCH] add sanity check on serial size

---
 src/ssl.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 4fe216c44..88527a3a2 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -41269,9 +41269,11 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
                 WOLFSSL_MSG("Serial size error");
                 return WOLFSSL_FAILURE;
             }
-            if ((int)sizeof(cert->serial) < serialSz) {
-                WOLFSSL_MSG("Serial buffer too small");
-                return BUFFER_E;
+
+            if (serialSz > EXTERNAL_SERIAL_SIZE ||
+                    serialSz > CTC_SERIAL_SIZE) {
+                WOLFSSL_MSG("Serial size too large error");
+                return WOLFSSL_FAILURE;
             }
             XMEMCPY(cert->serial, serial, serialSz);
             cert->serialSz = serialSz;