From 6b1ff8e9d71945b9549836f61f385d4cd992063a Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Fri, 5 Aug 2016 12:53:26 -0700
Subject: [PATCH] Only try and return serial number or check padding if the
 serial number size is greater than 1.

---
 wolfcrypt/src/asn.c | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 025bb1c7b..3c5c1376d 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -5307,26 +5307,30 @@ WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx,
         return ASN_PARSE_E;
     }
 
+    /* serial size check */
     if (*serialSz < 0 || *serialSz > EXTERNAL_SERIAL_SIZE) {
         WOLFSSL_MSG("Serial size bad");
         return ASN_PARSE_E;
     }
 
-    /* serial size check */
+    /* serial size check against max index */
     if ((*inOutIdx + *serialSz) > maxIdx) {
         WOLFSSL_MSG("Bad idx serial");
         return BUFFER_E;
     }
 
-    /* skip padding */
-    if (input[*inOutIdx] == 0x00) {
-        *serialSz -= 1;
-        *inOutIdx += 1;
-    }
+    /* only check padding and return serial if length is greater than 1 */
+    if (*serialSz > 0) {
+        /* skip padding */
+        if (input[*inOutIdx] == 0x00) {
+            *serialSz -= 1;
+            *inOutIdx += 1;
+        }
 
-    /* return serial */
-    XMEMCPY(serial, &input[*inOutIdx], *serialSz);
-    *inOutIdx += *serialSz;
+        /* return serial */
+        XMEMCPY(serial, &input[*inOutIdx], *serialSz);
+        *inOutIdx += *serialSz;
+    }
 
     return result;
 }