From f8c968d8d18bda48accad8de63920c2c9ac86458 Mon Sep 17 00:00:00 2001
From: Andras Fekete <andras@wolfssl.com>
Date: Tue, 13 Aug 2024 12:51:38 -0400
Subject: [PATCH 1/2] Fix possible memory overrun

---
 wolfcrypt/test/test.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index b0a56c224..3da6a5f2a 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -18501,11 +18501,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void)
         return WC_TEST_RET_ENC_EC(ret);
 
     /* check the SKID from a RSA certificate */
-    if (XMEMCMP(skid_rsa, cert.extSubjKeyId, sizeof(cert.extSubjKeyId)))
+    if ((sizeof(skid_rsa) - 1 != cert.extSubjKeyIdSz) ||
+        (XMEMCMP(skid_rsa, cert.extSubjKeyId, cert.extSubjKeyIdSz)))
         return WC_TEST_RET_ENC_NC;
 
     /* check the AKID from an RSA certificate */
-    if (XMEMCMP(akid_rsa, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
+    if ((sizeof(akid_rsa) - 1 != cert.extAuthKeyIdSz) ||
+            (XMEMCMP(akid_rsa, cert.extAuthKeyId, cert.extAuthKeyIdSz)))
         return WC_TEST_RET_ENC_NC;
 
     /* check the Key Usage from an RSA certificate */
@@ -18552,7 +18554,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void)
     /* check the SKID from a ECC certificate - generated dynamically */
 
     /* check the AKID from an ECC certificate */
-    if (XMEMCMP(akid_ecc, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
+    if ((sizeof(akid_ecc) - 1 != cert.extAuthKeyIdSz) ||
+            (XMEMCMP(akid_ecc, cert.extAuthKeyId, cert.extAuthKeyIdSz)))
         return WC_TEST_RET_ENC_NC;
 
     /* check the Key Usage from an ECC certificate */
@@ -18600,11 +18603,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void)
         return WC_TEST_RET_ENC_EC(ret);
 
     /* check the SKID from a CA certificate */
-    if (XMEMCMP(kid_ca, cert.extSubjKeyId, sizeof(cert.extSubjKeyId)))
+    if ((sizeof(kid_ca) - 1 != cert.extSubjKeyIdSz) ||
+            (XMEMCMP(kid_ca, cert.extSubjKeyId, cert.extSubjKeyIdSz)))
         return WC_TEST_RET_ENC_NC;
 
     /* check the AKID from an CA certificate */
-    if (XMEMCMP(kid_ca, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
+    if ((sizeof(kid_ca) - 1 != cert.extAuthKeyIdSz) ||
+            (XMEMCMP(kid_ca, cert.extAuthKeyId, cert.extAuthKeyIdSz)))
         return WC_TEST_RET_ENC_NC;
 
     /* check the Key Usage from CA certificate */

From ab7bc290062933d3bf708c977b605db098f31c1a Mon Sep 17 00:00:00 2001
From: Andras Fekete <andras@wolfssl.com>
Date: Tue, 13 Aug 2024 16:18:29 -0400
Subject: [PATCH 2/2] Fix curl.yml

---
 .github/workflows/curl.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml
index a89ef94d5..156e61b38 100644
--- a/.github/workflows/curl.yml
+++ b/.github/workflows/curl.yml
@@ -58,8 +58,8 @@ jobs:
       with:
         name: wolf-install-curl
 
-      - name: untar build-dir
-        run: tar -xf build-dir.tgz
+    - name: untar build-dir
+      run: tar -xf build-dir.tgz
 
     - name: Build curl
       uses: wolfSSL/actions-build-autotools-project@v1