From 8cac163959e35297f1ffb6be5c9e535d2355e02f Mon Sep 17 00:00:00 2001
From: Kareem <kareem@wolfssl.com>
Date: Fri, 3 Apr 2026 16:49:44 -0700
Subject: [PATCH] Fix potential length mismatch in non realloc case in
 wolfSSL_BIO_set_conn_hostname.

Thanks to Cal Page for the report.
---
 src/bio.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/bio.c b/src/bio.c
index 41183a104b..81d5160d26 100644
--- a/src/bio.c
+++ b/src/bio.c
@@ -2849,7 +2849,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
                 tmp = b->ip;
                 b->ip = (char*)XMALLOC(newLen+1, b->heap, DYNAMIC_TYPE_OPENSSL);
                 if (b->ip != NULL && tmp != NULL) {
-                    XMEMCPY(b->ip, tmp, newLen);
+                    XMEMCPY(b->ip, tmp, currLen < newLen ? currLen : newLen);
                     XFREE(tmp, b->heap, DYNAMIC_TYPE_OPENSSL);
                     tmp = NULL;
             }