From e4f40fb6c033a06a71f11eb034d5c9e9d12b603a Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Mon, 26 Feb 2018 13:55:56 -0700
Subject: [PATCH] add sanity checks and change index increment

---
 wolfcrypt/src/asn.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 88083370d..fe1bd8a72 100755
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -11039,6 +11039,10 @@ static int ASNToHexString(const byte* input, word32* inOutIdx, char** out,
     int i;
     char* str;
 
+    if (*inOutIdx >= inSz) {
+        return BUFFER_E;
+    }
+
     if (input[*inOutIdx] == ASN_INTEGER) {
         if (GetASNInt(input, inOutIdx, &len, inSz) < 0)
             return ASN_PARSE_E;
@@ -11081,6 +11085,10 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx,
     if (ret != 0)
         return ret;
 
+    if (*inOutIdx >= inSz) {
+        return BUFFER_E;
+    }
+
     if (input[*inOutIdx] == (ASN_SEQUENCE | ASN_CONSTRUCTED)) {
 #ifdef WOLFSSL_CUSTOM_CURVES
         ecc_set_type* curve;
@@ -11131,7 +11139,7 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx,
             if (input[*inOutIdx] == ASN_BIT_STRING) {
                 len = 0;
                 ret = GetASNHeader(input, ASN_BIT_STRING, inOutIdx, &len, inSz);
-                inOutIdx += len;
+                *inOutIdx += len;
             }
         }
         if (ret == 0) {