diff --git a/src/internal.c b/src/internal.c
index 1806387..dca0fe5 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -2989,14 +2989,15 @@ static int DoKexDhReply(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
             if (ret == WS_SUCCESS) {
                 pubKeyIdx += scratch;
                 ret = GetUint32(&eSz, pubKey, pubKeySz, &pubKeyIdx);
+                if (ret == WS_SUCCESS && eSz > len - pubKeyIdx)
+                    ret = WS_BUFFER_E;
             }
             if (ret == WS_SUCCESS) {
                 e = pubKey + pubKeyIdx;
                 pubKeyIdx += eSz;
                 ret = GetUint32(&nSz, pubKey, pubKeySz, &pubKeyIdx);
-                if (ret == WS_SUCCESS && (nSz + pubKeyIdx > len)) {
+                if (ret == WS_SUCCESS && nSz > len - pubKeyIdx)
                     ret = WS_BUFFER_E;
-                }
             }
             if (ret == WS_SUCCESS) {
                 n = pubKey + pubKeyIdx;