From bb97f43eeb03e3ce69af7303c86dd416452c8e84 Mon Sep 17 00:00:00 2001
From: Eric Blankenhorn
Date: Wed, 29 Nov 2023 12:06:22 -0600
Subject: [PATCH] Fix fuzzer issues
---
 src/mqtt_packet.c | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/src/mqtt_packet.c b/src/mqtt_packet.c
index 9fc4cb07..5bbd0c7f 100644
--- a/src/mqtt_packet.c
+++ b/src/mqtt_packet.c
@@ -605,16 +605,20 @@ int MqttDecode_Props(MqttPacketType packet, MqttProp** props, byte* pbuf,
 buf += tmp;
 total += tmp;
 prop_len -= (word32)tmp;
-
- tmp = MqttDecode_String(buf,
- (const char**)&cur_prop->data_str2.str,
- &cur_prop->data_str2.len);
- if (cur_prop->data_str2.len <=
- (buf_len - (buf - pbuf))) {
- buf += tmp;
- total += tmp;
- prop_len -= (word32)tmp;
- }
+ if ((buf_len - (buf - pbuf)) > 0) {
+ tmp = MqttDecode_String(buf,
+ (const char**)&cur_prop->data_str2.str,
+ &cur_prop->data_str2.len);
+ if (cur_prop->data_str2.len <=
+ (buf_len - (buf - pbuf))) {
+ buf += tmp;
+ total += tmp;
+ prop_len -= (word32)tmp;
+ }
+ else {
+ /* Invalid length */
+ rc = MQTT_TRACE_ERROR(MQTT_CODE_ERROR_PROPERTY);
 else {
 /* Invalid length */
 rc = MQTT_TRACE_ERROR(MQTT_CODE_ERROR_PROPERTY);
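Review bot: The new guard `if ((buf_len - (buf - pbuf)) > 0)` only proves that one byte is left, while an MQTT string starts with a two-byte length prefix and `MqttDecode_String` is called here without any remaining-length argument, so it cannot bound its own read. If the callee reads both prefix bytes unconditionally (its body is not in this hunk), a property that ends one byte into the second string still reads past the buffer; requiring the prefix size up front, e.g. `if ((buf_len - (buf - pbuf)) >= MQTT_DATA_LEN_SIZE) {`, would close that. The following comparison of `data_str2.len` against the remaining bytes is made before `buf` has moved past the prefix, so it presumably also lets `buf += tmp` land up to two bytes beyond the end; comparing `tmp` rather than the bare length would be stricter. MqttDecode_Props starts and ends outside the hunk, so the types of `buf_len` and `tmp` should be confirmed there.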