From 806b5d7d2301602dce1bc5a53e9e364301a60f33 Mon Sep 17 00:00:00 2001
From: Eric Blankenhorn
Date: Thu, 11 Feb 2021 10:20:21 -0600
Subject: [PATCH 1/3] Validate name size
---
 src/ssl.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/ssl.c b/src/ssl.c
index 14a160dc2..8fa25bbf4 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -45557,6 +45557,9 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
 return WOLFSSL_FAILURE;
 }
+ if (name->sz == 0)
+ return WOLFSSL_FAILURE;
+
 #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
 /* If XN_FLAG_DN_REV is present, print X509_NAME in reverse order */
 if (flags == (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)) {
From 608083f5591310aab51158d61341e758f7c59927 Mon Sep 17 00:00:00 2001
From: Eric Blankenhorn
Date: Wed, 17 Feb 2021 12:19:42 -0600
Subject: [PATCH 2/3] Add more checks for name->sz
---
 src/ssl.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index 8fa25bbf4..f2c50075b 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -45602,14 +45602,17 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
 }
 #else
 if (flags == XN_FLAG_RFC2253) {
- if (wolfSSL_BIO_write(bio, name->name + 1, name->sz - 2)
- != name->sz - 2)
+ if ((name->sz < 3) ||
+ (wolfSSL_BIO_write(bio, name->name + 1, name->sz - 2)
+ != name->sz - 2))
 return WOLFSSL_FAILURE;
 }
 #endif /* WOLFSSL_APACHE_HTTPD || OPENSSL_ALL || WOLFSSL_NGINX */
- else if (wolfSSL_BIO_write(bio, name->name, name->sz - 1) != name->sz - 1)
+ else {
+ if ((name->sz < 2) ||
+ (wolfSSL_BIO_write(bio, name->name, name->sz - 1) != name->sz - 1))
 return WOLFSSL_FAILURE;
-
+ }
 return WOLFSSL_SUCCESS;
 }
 #endif /* !NO_BIO */
From caa39f78ae906a3bfa039782414930bfc9ad8a0f Mon Sep 17 00:00:00 2001
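Review bot: The `name->sz < 3` lower bound in the `@@ -45602,14 +45602,17 @@` hunk is added only under `#else`, so a build with WOLFSSL_APACHE_HTTPD, OPENSSL_ALL or WOLFSSL_NGINX defined gets no matching guard from this hunk for its RFC2253 path. That branch starts above the hunk and is not visible here, so it should be checked for any `name->sz - N` length or index that assumes a minimum size. The two thresholds are also bare numbers; a short comment such as `/* need sz >= 3 so that sz - 2 is a positive write length */` would let the next reader see why 3 and 2 differ. The failure is silent, so a `WOLFSSL_MSG` on the short-name path would help when diagnosing a malformed certificate name.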
From: Eric Blankenhorn
Date: Wed, 17 Feb 2021 13:53:30 -0600
Subject: [PATCH 3/3] Fix from review and leak in wolfSSL_X509_get_serialNumber
---
 src/ssl.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/ssl.c b/src/ssl.c
index f2c50075b..a2a5df75d 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -26431,6 +26431,14 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509* x509)
 WOLFSSL_ENTER("wolfSSL_X509_get_serialNumber");
+ if (x509 == NULL) {
+ WOLFSSL_MSG("NULL function argument");
+ return NULL;
+ }
+
+ if (x509->serialNumber != NULL)
+ return x509->serialNumber;
+
 a = wolfSSL_ASN1_INTEGER_new();
 if (a == NULL)
 return NULL;
@@ -45557,7 +45565,7 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
 return WOLFSSL_FAILURE;
 }
- if (name->sz == 0)
+ if ((name == NULL) || (name->sz == 0))
 return WOLFSSL_FAILURE;
 #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
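Review bot: The early `return x509->serialNumber;` in wolfSSL_X509_get_serialNumber hands callers a pointer that the x509 object still holds, and nothing in the hunk documents that; a caller that frees the result would leave `x509->serialNumber` dangling for the next call and for the X509 teardown. A comment above the check such as `/* cached on the X509: owned by x509, callers must not free */` would make the contract explicit. The assignment to `x509->serialNumber` and the rest of the function are outside the hunk, so confirm that every error path after `wolfSSL_ASN1_INTEGER_new()` frees `a` rather than storing a half-built value.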
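Review bot: In wolfSSL_X509_NAME_print_ex, `(name->sz == 0)` rejects only an exactly-zero size; if `sz` is a signed int, as its comparison with the return value of `wolfSSL_BIO_write` elsewhere in this function suggests, a negative value passes this check. `if ((name == NULL) || (name->sz <= 0))` would cover both cases in every build configuration. The NULL test also sits below an earlier block that already returns WOLFSSL_FAILURE; that block is outside the hunk, so confirm it does not use `bio` or `name` before this validation runs.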