From 9e8b05fb995ed36dee08e19953faa2ab48d9304b Mon Sep 17 00:00:00 2001 From: Stefan Eissing Date: Thu, 25 Sep 2025 11:25:17 +0200 Subject: [PATCH] wolfssl: check BIO read parameters Check parameters passed more thoroughly and assure that current 'data' also exists. Reported in Joshua's sarif data Closes #18718
---
 lib/vtls/wolfssl.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c
index 693cbdc92e..0cf6e0e4a5 100644
--- a/lib/vtls/wolfssl.c
+++ b/lib/vtls/wolfssl.c
@@ -362,8 +362,11 @@ static int wssl_bio_cf_in_read(WOLFSSL_BIO *bio, char *buf, int blen)
 CURLcode result = CURLE_OK;
 DEBUGASSERT(data);
- /* OpenSSL catches this case, so should we. */
- if(!buf)
+ if(!data || (blen < 0)) {
+ wssl->io_result = CURLE_FAILED_INIT;
+ return -1;
+ }
+ if(!buf || !blen)
 return 0;
 if((connssl->connecting_state == ssl_connect_2) &&
-- 2.47.3
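Review bot: The zero-length early return (`if(!buf || !blen) return 0;`) leaves `wssl->io_result` untouched, while the new failure branch just above it records `CURLE_FAILED_INIT`. If a caller inspects `io_result` after a 0 return (the callers are not visible in this hunk), it could act on a value left over from an earlier read. Consider making that path explicit, e.g. `if(!buf || !blen) { wssl->io_result = CURLE_OK; return 0; }`, or confirm that every caller resets the field before invoking the TLS read. The patch also drops the comment that justified the NULL-buffer case; a short replacement such as `/* nothing to read into: report 0 bytes, as OpenSSL does; a negative length is a caller bug */` would keep the reason why one bad input yields 0 and the other -1. The body of wssl_bio_cf_in_read starts and continues outside the hunk.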