From c06fa48e75da4dfbba4d52774a95ad8e5a2bbf70 Mon Sep 17 00:00:00 2001
From: Ruby Martin <ruby@wolfssl.com>
Date: Tue, 1 Jul 2025 14:25:35 -0600
Subject: [PATCH] return NULL on negative length

---
 src/ssl_p7p12.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/ssl_p7p12.c b/src/ssl_p7p12.c
index 4fc3e52cf..c95997269 100644
--- a/src/ssl_p7p12.c
+++ b/src/ssl_p7p12.c
@@ -317,6 +317,10 @@ PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7)
         return NULL;
 
     pkcs7->len = wolfSSL_BIO_get_len(bio);
+    if (pkcs7->len < 0){
+        wolfSSL_PKCS7_free((PKCS7*)pkcs7);
+        return NULL;
+    }
     pkcs7->data = (byte*)XMALLOC(pkcs7->len, NULL, DYNAMIC_TYPE_PKCS7);
     if (pkcs7->data == NULL) {
         wolfSSL_PKCS7_free((PKCS7*)pkcs7);