From 7ed66dd1c301bad7e0b769780333fa848bbfc6e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20Frauenschl=C3=A4ger?= <tobias@wolfssl.com>
Date: Mon, 9 Mar 2026 13:37:02 +0100
Subject: [PATCH] Fix potential underflow in sniffer

---
 src/sniffer.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/sniffer.c b/src/sniffer.c
index 1921713bb00..9c061c8fce8 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -5074,7 +5074,7 @@ static const byte* DecryptMessage(WOLFSSL* ssl, const byte* input, word32 sz,
 
 #ifdef WOLFSSL_TLS13
     if (IsAtLeastTLSv1_3(ssl->version)) {
-        if (sz < ssl->specs.aead_mac_size) {
+        if (sz <= ssl->specs.aead_mac_size) {
             *error = BUFFER_ERROR;
             return NULL;
         }
@@ -5131,6 +5131,10 @@ static const byte* DecryptMessage(WOLFSSL* ssl, const byte* input, word32 sz,
 #ifdef WOLFSSL_TLS13
     if (IsAtLeastTLSv1_3(ssl->version)) {
         word16 i = (word16)(sz - ssl->keys.padSz);
+        if (i == 0) {
+            *error = BUFFER_ERROR;
+            return NULL;
+        }
         /* Remove padding from end of plain text. */
         for (--i; i > 0; i--) {
             if (output[i] != 0)