From a2032dfb36fc1b7703875721f0f99536492394e1 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh <jacob@wolfssl.com>
Date: Fri, 27 Oct 2023 14:50:13 -0600
Subject: [PATCH] touch up negative value sanity check, fix CID 210741 sanity
 check

---
 src/x509.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/x509.c b/src/x509.c
index f9fc3853a..6edc0fcaf 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -1558,7 +1558,7 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext,
                             XFREE(val, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                             return rc;
                     }
-                    if (tmpLen + valLen > tmpSz) {
+                    if ((tmpLen + valLen) >= tmpSz) {
                         XFREE(val, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                         return rc;
                     }
@@ -6482,7 +6482,8 @@ static int X509PrintSignature_ex(WOLFSSL_BIO* bio, byte* sig,
                     break;
                 }
             }
-            if (valLen >= ((int)sizeof(tmp) - tmpLen - 1)) {
+            if ((tmpLen < 0) || (valLen < 0) ||
+                    (valLen >= ((int)sizeof(tmp) - tmpLen - 1))) {
                 ret = WOLFSSL_FAILURE;
                 break;
             }