@@ -4243,15 +4243,15 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
42434243 const byte * identity , * binders ;
42444244
42454245 idsLen = (word16 )((input [idx ] << 8 ) | input [idx + 1 ]);
4246- if (idsLen + OPAQUE16_LEN + idx > extLen ) {
4246+ if (( word32 ) idsLen + OPAQUE16_LEN + idx > ( word32 ) extLen ) {
42474247 SetError (CLIENT_HELLO_INPUT_STR , error , session , FATAL_ERROR_STATE );
42484248 return WOLFSSL_FATAL_ERROR ;
42494249 }
42504250 idx += OPAQUE16_LEN ;
42514251
42524252 /* PSK identity */
42534253 idLen = (word16 )((input [idx ] << 8 ) | input [idx + 1 ]);
4254- if (idLen + OPAQUE16_LEN + idx > extLen ) {
4254+ if (( word32 ) idLen + OPAQUE16_LEN + idx > ( word32 ) extLen ) {
42554255 SetError (CLIENT_HELLO_INPUT_STR , error , session , FATAL_ERROR_STATE );
42564256 return WOLFSSL_FATAL_ERROR ;
42574257 }
@@ -4260,7 +4260,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
42604260 idx += idLen ;
42614261
42624262 /* Obfuscated Ticket Age 32-bits */
4263- if (idx + OPAQUE32_LEN > extLen ) {
4263+ if (( word32 ) idx + OPAQUE32_LEN > ( word32 ) extLen ) {
42644264 SetError (CLIENT_HELLO_INPUT_STR , error , session , FATAL_ERROR_STATE );
42654265 return WOLFSSL_FATAL_ERROR ;
42664266 }
@@ -4270,12 +4270,12 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
42704270 idx += OPAQUE32_LEN ;
42714271
42724272 /* binders - all binders */
4273- if (idx + OPAQUE16_LEN > extLen ) {
4273+ if (( word32 ) idx + OPAQUE16_LEN > ( word32 ) extLen ) {
42744274 SetError (CLIENT_HELLO_INPUT_STR , error , session , FATAL_ERROR_STATE );
42754275 return WOLFSSL_FATAL_ERROR ;
42764276 }
42774277 bindersLen = (word16 )((input [idx ] << 8 ) | input [idx + 1 ]);
4278- if (bindersLen + OPAQUE16_LEN + idx > extLen ) {
4278+ if (( word32 ) bindersLen + OPAQUE16_LEN + idx > ( word32 ) extLen ) {
42794279 SetError (CLIENT_HELLO_INPUT_STR , error , session , FATAL_ERROR_STATE );
42804280 return WOLFSSL_FATAL_ERROR ;
42814281 }
0 commit comments