From fe9a876895349e2948b522142baa63575e88396c Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
Date: Fri, 6 Mar 2020 17:13:59 +0100
Subject: [PATCH] Check length to avoid XSTRNCMP accessing  memory after `list`

---
 src/ssl.c          | 3 ++-
 wolfssl/internal.h | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 945ac32e5..4f6af78f4 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -33160,7 +33160,8 @@ static int populate_groups(int* groups, int max_count, char *list)
             return -1;
         }
         for (nist_name = kNistCurves; nist_name->name != NULL; nist_name++) {
-            if (XSTRNCMP(list, nist_name->name, nist_name->name_len) == 0) {
+            if (len == nist_name->name_len &&
+                    XSTRNCMP(list, nist_name->name, nist_name->name_len) == 0) {
                 break;
             }
         }
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index a586184d7..5238f62cb 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -4239,7 +4239,7 @@ static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
 
 #ifdef OPENSSL_EXTRA
 typedef struct {
-    int name_len;
+    size_t name_len;
     const char *name;
     int nid;
 } WOLF_EC_NIST_NAME;