From d6efc07bc943b0828aa1b653b342ccbab0b8dd25 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Mon, 18 Mar 2019 14:28:01 -0600
Subject: [PATCH] sanity check on size returned

---
 src/internal.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 3e78e47..fdcaa73 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1500,8 +1500,15 @@ static int GetInputData(WOLFSSH* ssh, word32 size)
             return WS_FATAL_ERROR;
         }
 
-        ssh->inputBuffer.length += in;
-        inSz -= in;
+        if (in >= 0) {
+            ssh->inputBuffer.length += in;
+            inSz -= in;
+        }
+        else {
+            /* all other unexpected negative values is a failure case */
+            ssh->error = WS_FATAL_ERROR;
+            return WS_FATAL_ERROR;
+        }
 
     } while (ssh->inputBuffer.length < size);