From 0a03940f5ac8ca03b8df94e43126ee2ead31bae9 Mon Sep 17 00:00:00 2001
From: Marco Oliverio
Date: Tue, 26 Mar 2024 14:58:35 +0100
Subject: [PATCH] wolfcrypt: wc_ecc_cmp_param: check string len before strncmp also return -1 on param mismatch.
---
 wolfcrypt/src/ecc.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index 78101ed2c..28991bdfc 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -4279,8 +4279,11 @@ static int wc_ecc_cmp_param(const char* curveParam,
 if (param == NULL || curveParam == NULL)
 return BAD_FUNC_ARG;
- if (encType == WC_TYPE_HEX_STR)
- return XSTRNCMP(curveParam, (char*) param, paramSz);
+ if (encType == WC_TYPE_HEX_STR) {
+ if ((word32)XSTRLEN(curveParam) != paramSz)
+ return -1;
+ return (XSTRNCMP(curveParam, (char*) param, paramSz) == 0) ? 0 : -1;
+ }
 #ifdef WOLFSSL_SMALL_STACK
 a = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC);
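Review bot: The rewritten `WC_TYPE_HEX_STR` branch can now return `BAD_FUNC_ARG`, 0 or a bare `-1`, and nothing in the hunk documents that contract. If `BAD_FUNC_ARG` is negative, as wolfSSL error codes normally are, a caller that tests only the sign cannot tell a curve-parameter mismatch from an argument error. A comment above the branch would pin this down, e.g. `/* hex string: 0 only when length and bytes match exactly, -1 on any mismatch */`, and callers should compare the result against 0 rather than test for "negative". The comparison is byte-exact, so hex supplied in a different letter case than the stored curve string is treated as a mismatch; that is presumably intended but is worth stating in the same comment. The function's signature and the rest of its body lie outside the hunk, so whether the non-hex path follows the same 0 / -1 convention cannot be confirmed from here.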