diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index e286b4090..cd685fed7 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -5269,14 +5269,13 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
 #endif /* WOLFSSL_CERT_EXT */
 }
 #ifdef WOLFSSL_CERT_EXT
- else if ((0 == XMEMCMP(&cert->source[cert->srcIdx], ASN_JOI_PREFIX,
- XSTRLEN(ASN_JOI_PREFIX))) &&
- ((cert->source[cert->srcIdx + XSTRLEN(ASN_JOI_PREFIX)] ==
- ASN_JOI_C) ||
- (cert->source[cert->srcIdx + XSTRLEN(ASN_JOI_PREFIX)] ==
- ASN_JOI_ST)))
+ else if ((cert->srcIdx + ASN_JOI_PREFIX_SZ + 2 <= (word32)maxIdx) &&
+ (0 == XMEMCMP(&cert->source[cert->srcIdx], ASN_JOI_PREFIX,
+ ASN_JOI_PREFIX_SZ)) &&
+ ((cert->source[cert->srcIdx+ASN_JOI_PREFIX_SZ] == ASN_JOI_C) ||
+ (cert->source[cert->srcIdx+ASN_JOI_PREFIX_SZ] == ASN_JOI_ST)))
 {
- cert->srcIdx += 10;
+ cert->srcIdx += ASN_JOI_PREFIX_SZ;
 id = cert->source[cert->srcIdx++];
 b = cert->source[cert->srcIdx++]; /* encoding */
@@ -5342,8 +5341,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
 cert->srcIdx += oidSz + 1;
- if (GetLength(cert->source, &cert->srcIdx, &strLen,
- maxIdx) < 0)
+ if (GetLength(cert->source, &cert->srcIdx, &strLen, maxIdx) < 0)
 return ASN_PARSE_E;
 if (strLen > (int)(ASN_NAME_MAX - idx)) {
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index 99222638d..357d697af 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -239,9 +239,10 @@ enum ECC_TYPES
 #endif /* WOLFSSL_CERT_PIV */
-#define ASN_JOI_PREFIX "\x2b\x06\x01\x04\x01\x82\x37\x3c\x02\x01"
-#define ASN_JOI_C 0x3
-#define ASN_JOI_ST 0x2
+#define ASN_JOI_PREFIX_SZ 10
+#define ASN_JOI_PREFIX "\x2b\x06\x01\x04\x01\x82\x37\x3c\x02\x01"
+#define ASN_JOI_C 0x3
+#define ASN_JOI_ST 0x2
 #ifndef WC_ASN_NAME_MAX
 #ifdef OPENSSL_EXTRA
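Review bot: The added guard `cert->srcIdx + ASN_JOI_PREFIX_SZ + 2 <= (word32)maxIdx` in the first asn.c hunk relies on a bare `2`, which stands for the `id` byte and the encoding byte read by the two `cert->source[cert->srcIdx++]` lines after the prefix is skipped. A comment such as `/* prefix + id byte + encoding byte must lie before maxIdx */` would keep the bound and the reads in step. The cast also turns a negative `maxIdx` into a very large limit, so the check would pass and `XMEMCMP` could read past the buffer. Whether callers can pass a negative value is not visible here, so confirm it or reject `maxIdx < 0` before the comparison. The rest of GetName, including the earlier branches of this `if`/`else if` chain, lies outside the hunk, so it cannot be seen whether their reads of `cert->source[cert->srcIdx]` are bounded in the same way.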
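Review bot: `ASN_JOI_PREFIX_SZ` in the asn.h hunk is a hand-maintained `10` beside the 10-byte literal in `ASN_JOI_PREFIX`, and the bounds check, the `XMEMCMP` length and the `srcIdx` advance in asn.c all depend on the two staying equal. Deriving the size, e.g. `#define ASN_JOI_PREFIX_SZ ((word32)(sizeof(ASN_JOI_PREFIX) - 1))`, or adding a compile-time assertion that they agree, would stop a later edit of the OID bytes from silently desynchronising the parser's length check. A one-line comment naming the OID would also help; the bytes appear to encode the arc 1.3.6.1.4.1.311.60.2.1 (jurisdiction of incorporation), with `ASN_JOI_C` and `ASN_JOI_ST` as the final component, which should be confirmed against the specification.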