From 425eb7ff39ec5d58dcbdd733721518cf2ff41846 Mon Sep 17 00:00:00 2001
From: Anthony Hu <anthony@wolfssl.com>
Date: Fri, 28 Mar 2025 17:52:46 -0400
Subject: [PATCH] Stop assuming dates are NULL terminated

---
 wolfcrypt/src/asn.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index a478ed200..32fe631e9 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -15030,18 +15030,18 @@ int ExtractDate(const unsigned char* date, unsigned char format,
 {
     int i = *idx;
 
-    /* Validate date string length based on format */
+    /* Validate date string length based on format Can not assume null
+     * terminated strings. Must check for the 'Z'. Subtract 2; one for zero
+     * indexing and one to exclude null terminator built into macro values */
     if (format == ASN_UTC_TIME) {
-        /* UTCTime format requires YYMMDDHHMMSSZ.
-         * subtract 1 to exclude null terminator. */
-        if (XSTRLEN((const char*)date + i) < (ASN_UTC_TIME_SIZE - 1)) {
+        /* UTCTime format requires YYMMDDHHMMSSZ. */
+        if (date[i + ASN_UTC_TIME_SIZE - 2] != 'Z') {
             return ASN_PARSE_E;
         }
     }
     else if (format == ASN_GENERALIZED_TIME) {
-        /* GeneralizedTime format requires YYYYMMDDHHMMSSZ.
-         * subtract 1 to exclude null terminator. */
-        if (XSTRLEN((const char*)date + i) < (ASN_GENERALIZED_TIME_SIZE - 1)) {
+        /* GeneralizedTime format requires YYYYMMDDHHMMSSZ. */
+        if (date[ i + ASN_GENERALIZED_TIME_SIZE - 2] != 'Z') {
             return ASN_PARSE_E;
         }
     } else {