From: Stefan Eissing
Date: Thu, 25 Sep 2025 09:25:17 +0000 (+0200)
Subject: wolfssl: check BIO read parameters
X-Git-Tag: rc-8_17_0-1~244
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9e8b05fb995ed36dee08e19953faa2ab48d9304b;p=thirdparty%2Fcurl.git
wolfssl: check BIO read parameters
Check parameters passed more thoroughly and assure that current 'data' also exists.
Reported in Joshua's sarif data
Closes #18718
---
diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c
index 693cbdc92e..0cf6e0e4a5 100644
--- a/lib/vtls/wolfssl.c
+++ b/lib/vtls/wolfssl.c
@@ -362,8 +362,11 @@ static int wssl_bio_cf_in_read(WOLFSSL_BIO *bio, char *buf, int blen)
 CURLcode result = CURLE_OK;
 DEBUGASSERT(data);
- /* OpenSSL catches this case, so should we. */
- if(!buf)
+ if(!data || (blen < 0)) {
+ wssl->io_result = CURLE_FAILED_INIT;
+ return -1;
+ }
+ if(!buf || !blen)
 return 0;
 if((connssl->connecting_state == ssl_connect_2) &&
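Review bot: The early `return 0` for `!buf || !blen` leaves `wssl->io_result` untouched, while the new error branch just above sets it, so a caller that reads `io_result` after a zero return may see a value left by an earlier call. If that field is consulted on this path (the caller is not visible in the hunk), adding `wssl->io_result = CURLE_OK;` before `return 0;` would make both early exits consistent. The commit also drops the comment explaining why a NULL buffer yields 0 rather than an error; a replacement such as `/* nothing to read into: report 0 bytes, as OpenSSL does for a NULL buffer */` would keep that rationale. A negative `blen` is reported with the same `CURLE_FAILED_INIT` as a missing `data`; `CURLE_BAD_FUNCTION_ARGUMENT` would let the two cases be told apart when triaging. The body of `wssl_bio_cf_in_read` starts and ends outside the hunk, so how `blen` is used afterwards cannot be checked here.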