add sanity check on send callback sent value

cyassl/error-ssl.h

@@ -114,10 +114,11 @@ enum CyaSSL_ErrorCodes {
     CACHE_MATCH_ERROR       = -280,        /* chache hdr match error */
     UNKNOWN_SNI_HOST_NAME_E = -281,        /* Unrecognized host name Error */
     UNKNOWN_MAX_FRAG_LEN_E  = -282,        /* Unrecognized max frag len Error */
-    /* add strings to SetErrorString !!!!! */
     KEYUSE_SIGNATURE_E      = -283,        /* KeyUse digSignature error */
     KEYUSE_ENCIPHER_E       = -285,        /* KeyUse keyEncipher error */
     EXTKEYUSE_AUTH_E        = -286,        /* ExtKeyUse server|client_auth */
+    SEND_OOB_READ_E         = -287,        /* Send Cb out of bounds read */
+    /* add strings to SetErrorString !!!!! */
 
     /* begin negotiation parameter errors */
     UNSUPPORTED_SUITE       = -290,        /* unsupported cipher suite */

src/internal.c

@@ -2780,6 +2780,11 @@ int SendBuffered(CYASSL* ssl)
             return SOCKET_ERROR_E;
         }
 
+        if (sent > (int)ssl->buffers.outputBuffer.length) {
+            CYASSL_MSG("SendBuffered() out of bounds read");
+            return SEND_OOB_READ_E;
+        }
+
         ssl->buffers.outputBuffer.idx += sent;
         ssl->buffers.outputBuffer.length -= sent;
     }
@@ -6596,6 +6601,9 @@ const char* CyaSSL_ERR_reason_error_string(unsigned long e)
     case EXTKEYUSE_AUTH_E:
         return "Ext Key Use server/client auth not set Error";
 
+    case SEND_OOB_READ_E:
+        return "Send Callback Out of Bounds Read Error";
+
     default :
         return "unknown error number";
     }