From 6d0dc7f2e7a1a6fc39d1da8818686e1ce52c5af3 Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Wed, 26 Jun 2024 08:21:17 +1000
Subject: [PATCH] SSL default ticket encryption callback: check in len on decrypt

Make sure that the length of the data to decrypt is correct for the default ticket encryption implementation.
---
 src/internal.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/internal.c b/src/internal.c
index c798b8c02e..ab31f3820f 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -38842,6 +38842,10 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
 WOLFSSL_ENTER("DefTicketEncCb");
+ if ((!enc) && (inLen != sizeof(InternalTicket))) {
+ return BUFFER_E;
+ }
+
 /* Check we have setup the RNG, name and primary key. */
 if (keyCtx->expirary[0] == 0) {
 #ifndef SINGLE_THREADED
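Review bot: The new decrypt-side length guard after `WOLFSSL_ENTER` has no comment, unlike the check that follows it, so the code does not say why only one exact length is accepted. I would add `/* Decrypt: the ticket length is presumably peer-supplied; accept exactly one InternalTicket. */` above it. The comparison mixes `inLen` (apparently a signed int, though the signature is cut off in the hunk header) with a `size_t`; a negative value is still rejected after conversion, but `inLen != (int)sizeof(InternalTicket)` states the intent and avoids sign-compare warnings. The guard returns `BUFFER_E` rather than a `WOLFSSL_TICKET_RET_*` result, so confirm that the caller treats any non-OK value as a rejected ticket and does not resume the session. That caller and the rest of `DefTicketEncCb` are outside this hunk.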