From fea1f1d6e57d149ca3fe1ad479d6cd278589b5cd Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Mon, 18 Nov 2019 17:02:19 -0800
Subject: [PATCH] Maintenance: ASN.1 1. Reject as an error any ASN.1 length
 value that is multibyte of length 0.

---
 wolfcrypt/src/asn.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index fe1635a70..de59cdeca 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -179,7 +179,11 @@ WOLFSSL_LOCAL int GetLength_ex(const byte* input, word32* inOutIdx, int* len,
     }
 
     b = input[idx++];
-    if (b >= ASN_LONG_LENGTH) {
+    if (b == ASN_LONG_LENGTH) {
+        WOLFSSL_MSG("GetLength bad length length");
+        return ASN_PARSE_E;
+    }
+    else if (b > ASN_LONG_LENGTH) {
         word32 bytes = b & 0x7F;
 
         if ((idx + bytes) > maxIdx) {   /* for reading bytes */