From 0ef8541b73c5a063027ab5064d74268dae986573 Mon Sep 17 00:00:00 2001 From: Ruby Martin Date: Mon, 2 Mar 2026 14:39:58 -0700 Subject: [PATCH] validate hashAlgSz is within bounds before calling XMEMCPY --- wolfcrypt/src/asn.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index e1db227080..183226193f 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -7846,6 +7846,9 @@ word32 wc_EncodeRsaPssAlgoId(int hashOID, int saltLen, byte* out, word32 outSz) if (outSz < outerSz) { idx = 0; goto pss_algoid_done; } + if (hashAlgSz > RSA_PSS_ALGOID_TMPBUF_SZ) { + idx = 0; goto pss_algoid_done; + } { word32 idPart = (word32)SetObjectId((int)rsapssOidSz, NULL) + rsapssOidSz;