From b88eb32c1da8d08802276e2fab9323330da2f63c Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 8 Apr 2026 14:07:30 +0000 Subject: [PATCH] Guard against unsigned underflow in inputLength calculation Add bounds check before computing inputLength from curStartIdx + curSize to prevent unsigned underflow if *inOutIdx ever exceeds the record content boundary. --- src/internal.c | 2 ++ src/tls13.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/internal.c b/src/internal.c index fd82be8738..c009452d62 100644 --- a/src/internal.c +++ b/src/internal.c @@ -19088,6 +19088,8 @@ static int DoHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, /* curSize has already been reduced to content-only (padSz subtracted) * in ProcessReply, so curStartIdx + curSize bounds the content. */ + if (*inOutIdx > (word32)ssl->curStartIdx + ssl->curSize) + return BUFFER_ERROR; inputLength = ssl->curStartIdx + ssl->curSize - *inOutIdx; /* If there is a pending fragmented handshake message, diff --git a/src/tls13.c b/src/tls13.c index 5137ad8133..a3ad1eacf5 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -13936,6 +13936,8 @@ int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, /* curSize has already been reduced to content-only (padSz subtracted) * in ProcessReply, so curStartIdx + curSize bounds the content. */ + if (*inOutIdx > (word32)ssl->curStartIdx + ssl->curSize) + return BUFFER_ERROR; inputLength = ssl->curStartIdx + ssl->curSize - *inOutIdx; /* If there is a pending fragmented handshake message,