From ee3eb8fb4c62ba945e598a444174a35d4cc2dd84 Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Thu, 21 Feb 2019 13:32:28 -0800
Subject: [PATCH] Fix for proper detection of buffer overflow case when calling
 `wc_PKCS7_EncodeSignedData`.

---
 wolfcrypt/src/pkcs7.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 5a741896c..b81b2bc08 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -2068,6 +2068,10 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
             totalSz -= pkcs7->contentSz;
         }
     }
+    else {
+        /* if using single output buffer include content and footer */
+        totalSz += total2Sz;
+    }
 
     if (totalSz > *outputSz) {
         if (pkcs7->signedAttribsSz != 0)