From b1442633ddca9ba17b18bfc4e777fa33bae3f35e Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh
Date: Mon, 6 May 2019 15:36:58 -0600
Subject: [PATCH] sanity check on buffer size before copy
---
 src/tls13.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/tls13.c b/src/tls13.c
index c078f924c..cbf8628bf 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -3896,6 +3896,11 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 if (sessIdSz != ID_LEN && sessIdSz != 0)
 return INVALID_PARAMETER;
 #endif
+
+ if (sessIdSz + i > helloSz) {
+ return BUFFER_ERROR;
+ }
+
 ssl->session.sessionIDSz = sessIdSz;
 if (sessIdSz == ID_LEN) {
 XMEMCPY(ssl->session.sessionID, input + i, sessIdSz);
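Review bot: The new guard `if (sessIdSz + i > helloSz)` does its bounds arithmetic as an addition, which can wrap if both operands are 32-bit (only `word32* inOutIdx` is visible here, so the types of `i` and `sessIdSz` are an assumption); the subtraction form `if (i > helloSz || sessIdSz > helloSz - i) return BUFFER_ERROR;` cannot wrap. It also compares `i`, which looks like an index into `input`, directly against `helloSz`; if `helloSz` is a message length counted from the index the function started at rather than an end offset, the check is stricter than intended and should use the number of bytes consumed so far instead of `i`. A short comment such as `/* session ID must lie within the ClientHello body */` would record why the check has to precede the `XMEMCPY`. DoTls13ClientHello begins and ends outside this hunk, so the declarations and the function's other length checks could not be compared.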