From b70e76a1e6ffd1596915bc337d8975b904bdd8f6 Mon Sep 17 00:00:00 2001
From: Deomid rojer Ryabkov <rojer@rojer.me>
Date: Mon, 27 Jan 2025 22:37:37 +0400
Subject: [PATCH] Add a safety check for in_hsfraglen

Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
---
 library/ssl_msg.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 36a8611109..3eb49e2b26 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -3297,6 +3297,9 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
     } else
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
     {
+        if (ssl->in_hsfraglen > ssl->in_hslen) {
+            return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+        }
         int ret;
         const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen;
         MBEDTLS_SSL_DEBUG_MSG(3,