From 16dac5597f79819713072fccb9d32fde18c0efa3 Mon Sep 17 00:00:00 2001
From: kaleb-himes <kaleb@wolfssl.com>
Date: Wed, 24 Feb 2016 16:08:54 -0700
Subject: [PATCH] prevent buffer overflows if sigSz > MAX_ENCODED_SIG_SZ

---
 wolfcrypt/src/asn.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index b7ff7855f..6f0520555 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -3586,14 +3586,12 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
                 break; /* not confirmed */
             }
 #endif
-
-            if (sigSz > MAX_ENCODED_SIG_SZ) {
-                WOLFSSL_MSG("Verify Signature is too big");
-            }
-
             if (wc_InitRsaKey(pubKey, heap) != 0) {
                 WOLFSSL_MSG("InitRsaKey failed");
             }
+            else if (sigSz > MAX_ENCODED_SIG_SZ) {
+                WOLFSSL_MSG("Verify Signature is too big");
+            }
             else if (wc_RsaPublicKeyDecode(key, &idx, pubKey, keySz) < 0) {
                 WOLFSSL_MSG("ASN Key decode error RSA");
             }