additional sanity check on input buffer size

wolfSSL · Sep 15, 2023 · ef39490 · ef39490
1 parent d84e3b3
commit ef39490
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/src/wolfsftp.c b/src/wolfsftp.c
@@ -5174,6 +5174,11 @@ int wolfSSH_SFTP_RecvFSetSTAT(WOLFSSH* ssh, int reqId, byte* data, word32 maxSz)
 
     WLOG(WS_LOG_SFTP, "Receiving WOLFSSH_FTP_FSETSTAT");
 
+    if (maxSz < UINT32_SZ) {
+        /* not enough for an ato32 call */
+        return WS_BUFFER_E;
+    }
+
     /* get file handle */
     ato32(data + idx, &sz); idx += UINT32_SZ;
     if (sz + idx > maxSz || sz > WOLFSSH_MAX_HANDLE) {