From 1397268aa12e2cf3f80c3acfa9b6036b809c08ef Mon Sep 17 00:00:00 2001 From: Kareem Date: Fri, 3 Apr 2026 16:06:35 -0700 Subject: [PATCH] In wc_PKCS7_DecodeEnvelopedData, confirm encryptedContentTotalSz does not exceed the total message size before using it in the non-streaming case. Thanks to Zou Dikai for the report. --- wolfcrypt/src/pkcs7.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 7df99f41b1..2ab1a2fd7a 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -13242,6 +13242,11 @@ int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in, } wc_PKCS7_DecryptContentFree(pkcs7, encOID, pkcs7->heap); } else { + if ((idx + (word32)encryptedContentTotalSz) > pkiMsgSz) { + ret = BUFFER_E; + break; + } + pkcs7->cachedEncryptedContentSz = (word32)encryptedContentTotalSz; pkcs7->totalEncryptedContentSz =