From 85437e4097591605b975388c12ebab7ed6141108 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Mon, 13 Jul 2020 17:17:57 -0600
Subject: [PATCH] add sanity check on padSz

---
 src/internal.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/internal.c b/src/internal.c
index dbcc565a8..354a8e228 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -15335,6 +15335,13 @@ int ProcessReply(WOLFSSL* ssl)
                 if (ssl->options.tls1_3) {
                     word16 i = (word16)(ssl->buffers.inputBuffer.length -
                                         ssl->keys.padSz);
+
+                    /* sanity check on underflow */
+                    if (ssl->keys.padSz >= ssl->buffers.inputBuffer.length) {
+                        WOLFSSL_ERROR(DECRYPT_ERROR);
+                        return DECRYPT_ERROR;
+                    }
+
                     /* Remove padding from end of plain text. */
                     for (--i; i > ssl->buffers.inputBuffer.idx; i--) {
                         if (ssl->buffers.inputBuffer.buffer[i] != 0)