From ef394908a7d716c9fd807500e70dd05e17bee67d Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh <jacob@wolfssl.com>
Date: Fri, 15 Sep 2023 15:35:35 -0600
Subject: [PATCH] additional sanity check on input buffer size

---
 src/wolfsftp.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/wolfsftp.c b/src/wolfsftp.c
index 388188f6d..89f37fed3 100644
--- a/src/wolfsftp.c
+++ b/src/wolfsftp.c
@@ -5174,6 +5174,11 @@ int wolfSSH_SFTP_RecvFSetSTAT(WOLFSSH* ssh, int reqId, byte* data, word32 maxSz)
 
     WLOG(WS_LOG_SFTP, "Receiving WOLFSSH_FTP_FSETSTAT");
 
+    if (maxSz < UINT32_SZ) {
+        /* not enough for an ato32 call */
+        return WS_BUFFER_E;
+    }
+
     /* get file handle */
     ato32(data + idx, &sz); idx += UINT32_SZ;
     if (sz + idx > maxSz || sz > WOLFSSH_MAX_HANDLE) {