Added more bounds checking when saving a DTLS message fragment.

wolfSSL · Aug 14, 2014 · 7e6b3a8 · 7e6b3a8
1 parent 9d4fb79
commit 7e6b3a8
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/src/internal.c b/src/internal.c
@@ -2267,7 +2267,9 @@ void DtlsMsgListDelete(DtlsMsg* head, void* heap)
 void DtlsMsgSet(DtlsMsg* msg, word32 seq, const byte* data, byte type,
                                               word32 fragOffset, word32 fragSz)
 {
-    if (msg != NULL && data != NULL && msg->fragSz <= msg->sz) {
+    if (msg != NULL && data != NULL && msg->fragSz <= msg->sz &&
+                     fragOffset < msg->sz && (fragOffset + fragSz) <= msg->sz) {
+
         msg->seq = seq;
         msg->type = type;
         msg->fragSz += fragSz;