From 9fc8c8e0b6cd34f70c89024c7bd588fbb57e18ba Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Mon, 16 Mar 2020 15:14:29 -0700
Subject: [PATCH 1/2] add space for null terminator and check on header pointer
---
 wolfcrypt/src/asn.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 58a726fe3..142cdf440 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -10434,8 +10434,8 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
 #endif
 #endif
 #ifdef OPENSSL_EXTRA
- char beginBuf[PEM_LINE_LEN];
- char endBuf[PEM_LINE_LEN];
+ char beginBuf[PEM_LINE_LEN + 1]; /* add 1 for null terminator */
+ char endBuf[PEM_LINE_LEN + 1]; /* add 1 for null terminator */
 #endif
 WOLFSSL_ENTER("PemToDer");
@@ -10506,7 +10506,8 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
 XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX)) != 0) {
 headerEnd--;
 }
- if (XSTRNCMP(headerEnd, BEGIN_PRIV_KEY_PREFIX,
+ if (headerEnd <= (char*)buff ||
+ XSTRNCMP(headerEnd, BEGIN_PRIV_KEY_PREFIX,
 XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX)) != 0 ||
 beginEnd - headerEnd > PEM_LINE_LEN) {
 WOLFSSL_MSG("Couldn't find PEM header");
From aff80ab0d3e7458d6dd34f72e1a7c2433abd83c3 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Tue, 17 Mar 2020 08:56:55 -0700
Subject: [PATCH 2/2] adjust test case for no ECC
---
 tests/api.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/tests/api.c b/tests/api.c
index 7d70b20cb..a7c83dfb6 100644
--- a/tests/api.c
+++ b/tests/api.c
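Review bot: The `+ 1` on `beginBuf` and `endBuf` is only enough while every write into them is capped at PEM_LINE_LEN bytes before the terminator, and nothing in the declarations enforces that. The only bound visible in this patch is `beginEnd - headerEnd > PEM_LINE_LEN` in the second asn.c hunk, which limits the begin header; the copies themselves, and whatever limits the length written to `endBuf`, are outside both hunks, so confirm they are bounded by `sizeof(beginBuf) - 1` and `sizeof(endBuf) - 1` rather than by a repeated literal. A comment such as `/* holds at most PEM_LINE_LEN header bytes plus the terminating NUL */` would state the invariant more usefully than `add 1 for null terminator`.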
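Review bot: `headerEnd <= (char*)buff` also refuses the case `headerEnd == buff`, that is, a `-----BEGIN ... PRIVATE KEY-----` header starting at the first byte of the input, although an XSTRNCMP at `buff` itself stays inside the buffer. The read before the buffer that this guard prevents can only happen once the pointer is below `buff`, so if the backing-up loop (its condition begins above this hunk) already stops at `buff`, `if (headerEnd < (char*)buff ||` would be sufficient and the XSTRNCMP that follows would decide match or no match. If refusing a header at offset 0 is intended, say so in a comment next to the check; the ASN_NO_PEM_HEADER expectation introduced in tests/api.c by patch 2/2 may be a consequence of it.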
@@ -5047,13 +5047,9 @@ static void test_wolfSSL_PKCS8(void)
 AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
 #else
-#ifdef OPENSSL_EXTRA
- AssertIntGT((bytes = wc_KeyPemToDer(buffer, bytes, der,
- (word32)sizeof(der), NULL)), 0);
-#else
+ /* if HAVE_ECC is not defined then BEGIN EC PRIVATE KEY is not found */
 AssertIntEQ((bytes = wc_KeyPemToDer(buffer, bytes, der,
 (word32)sizeof(der), NULL)), ASN_NO_PEM_HEADER);
-#endif
 #endif /* HAVE_ECC */
 wolfSSL_CTX_free(ctx);
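Review bot: The added comment attributes the ASN_NO_PEM_HEADER result to HAVE_ECC alone, but the removed `#ifdef OPENSSL_EXTRA` branch shows this same call was expected to return a positive length in OPENSSL_EXTRA builds without ECC. The new expectation therefore records a change in what the parser accepts, not only a build-option difference, and the comment should say that, for example `/* without HAVE_ECC the EC header is rejected, in OPENSSL_EXTRA builds too */`. With the AssertIntGT gone, nothing in this hunk checks that the OPENSSL_EXTRA header fallback still accepts a well-formed key, so a positive case would help catch an over-strict header check. test_wolfSSL_PKCS8 starts and ends outside the hunk.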