diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index da6a88308..3258a5630 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -4379,11 +4379,17 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                     if (localIdx - start + length == (word32)contentLen) {
                         multiPart = 0;
                     } else {
-                        /* reset length to outer OCTET_STRING (contentLen) */
+                        /* reset length to outer OCTET_STRING for bundle size
+                         * check below */
                         length = contentLen;
                     }
                     localIdx = start;
                 }
+
+                if (ret != 0) {
+                    /* failed ASN1 parsing during OCTET_STRING checks */
+                    break;
+                }
             }
 
             /* get length of content in case of single part */
@@ -4426,7 +4432,10 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                 if (!degenerate && !detached && ret != 0)
                     break;
 
-                length = 0; /* no content to read */
+                /* no content to read */
+                length = 0;
+                contentLen = 0;
+
                 pkiMsg2   = pkiMsg;
                 pkiMsg2Sz = pkiMsgSz;
             }