From b4d94429d14dcc9f19576b5335580639985900bf Mon Sep 17 00:00:00 2001
From: Paul Adelsbach <paul.adelsbach@wolfssl.com>
Date: Fri, 25 Apr 2025 12:38:22 -0700
Subject: [PATCH] Speculative fix for CodeSonar overflow issue

---
 src/ssl_certman.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ssl_certman.c b/src/ssl_certman.c
index df88acdd1c..7646f3484d 100644
--- a/src/ssl_certman.c
+++ b/src/ssl_certman.c
@@ -1525,7 +1525,7 @@ int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER* cm, const void* mem, int sz)
     WOLFSSL_ENTER("CM_MemRestoreCertCache");
 
     /* Check memory available is bigger than cache header. */
-    if (current > end) {
+    if ((sz < (int)sizeof(CertCacheHeader)) || (current > end)) {
         WOLFSSL_MSG("Cert Cache Memory buffer too small");
         ret = BUFFER_E;
     }