From 55538b5de0a0774a1507ac298ac01e21ece3ed26 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Wed, 3 May 2017 10:21:03 -0600
Subject: [PATCH] sanity check on input buffer index

---
 src/internal.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/internal.c b/src/internal.c
index 94d508bf8..3a71bcbf1 100755
--- a/src/internal.c
+++ b/src/internal.c
@@ -10633,7 +10633,13 @@ int ProcessReply(WOLFSSL* ssl)
 
                 if (IsEncryptionOn(ssl, 0)) {
                     WOLFSSL_MSG("Bundled encrypted messages, remove middle pad");
-                    ssl->buffers.inputBuffer.idx -= ssl->keys.padSz;
+                    if (ssl->buffers.inputBuffer.idx >= ssl->keys.padSz) {
+                        ssl->buffers.inputBuffer.idx -= ssl->keys.padSz;
+                    }
+                    else {
+                        WOLFSSL_MSG("\tmiddle padding error");
+                        return FATAL_ERROR;
+                    }
                 }
 
                 continue;