From a4f8a21b9b1c17d03e83a73228107bcef123a8db Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Fri, 18 Dec 2020 10:02:38 +1000
Subject: [PATCH] ASN X509: Don't allow any more data after signature
---
 wolfcrypt/src/asn.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index ff33fed3a..70b473dfc 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -6722,6 +6722,7 @@ static int GetSignature(DecodedCert* cert)
 {
 int length;
 int ret;
+
 ret = CheckBitString(cert->source, &cert->srcIdx, &length, cert->maxIdx, 1, NULL);
 if (ret != 0)
@@ -6731,6 +6732,9 @@ static int GetSignature(DecodedCert* cert)
 cert->signature = &cert->source[cert->srcIdx];
 cert->srcIdx += cert->sigLength;
+ if (cert->srcIdx != cert->maxIdx)
+ return ASN_PARSE_E;
+
 return 0;
 }
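Review bot: The new `cert->srcIdx != cert->maxIdx` test at the end of `GetSignature` (second hunk) has no comment saying what `cert->maxIdx` is expected to bound, and the strictness it adds depends on that. It rejects trailing bytes only relative to `maxIdx`, so it presumably relies on the caller having set `maxIdx` to the end of the certificate's outer SEQUENCE; that assignment is not visible in these hunks. I would add a comment above the check such as `/* Signature must be the last element: reject trailing data so a certificate has exactly one accepted encoding. */`, and a regression test that appends one byte to a valid DER certificate and expects `ASN_PARSE_E`. The lines between the two hunks, including the assignment of `cert->sigLength`, are outside the diff, so whether `CheckBitString` already bounds `length` against `maxIdx` cannot be confirmed from here.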