Guard against unsigned underflow in inputLength calculation

Add bounds check before computing inputLength from curStartIdx + curSize
to prevent unsigned underflow if *inOutIdx ever exceeds the record
content boundary.

Author: julek-wolfssl

src/internal.c

@@ -18783,6 +18783,8 @@ static int DoHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 
     /* curSize has already been reduced to content-only (padSz subtracted)
      * in ProcessReply, so curStartIdx + curSize bounds the content. */
+    if (*inOutIdx > (word32)ssl->curStartIdx + ssl->curSize)
+        return BUFFER_ERROR;
     inputLength = ssl->curStartIdx + ssl->curSize - *inOutIdx;
 
     /* If there is a pending fragmented handshake message,

src/tls13.c

@@ -13520,6 +13520,8 @@ int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 
     /* curSize has already been reduced to content-only (padSz subtracted)
      * in ProcessReply, so curStartIdx + curSize bounds the content. */
+    if (*inOutIdx > (word32)ssl->curStartIdx + ssl->curSize)
+        return BUFFER_ERROR;
     inputLength = ssl->curStartIdx + ssl->curSize - *inOutIdx;
 
     /* If there is a pending fragmented handshake message,