From a1257429bdebb58ffef2eb0ff99952e08c927ca2 Mon Sep 17 00:00:00 2001
From: Guido Vranken <guidovranken@gmail.com>
Date: Sun, 6 Jun 2021 03:54:15 +0200
Subject: [PATCH 1/3] Improve checking of XSNPRINTF return value in
 DecodePolicyOID

---
 wolfcrypt/src/asn.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 9df7aaa3d..c0ee6c73e 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -8887,7 +8887,7 @@ int DecodePolicyOID(char *out, word32 outSz, const byte *in, word32 inSz)
             /* write val as text into out */
             val += in[inIdx];
             w = XSNPRINTF(out + outIdx, outSz - outIdx, ".%u", val);
-            if (w < 0)
+            if (w < 0 || (word32)w > outSz - outIdx)
                 goto exit;
             outIdx += w;
             val = 0;

From 8cb576009dd37221fd89815459a88320e998898d Mon Sep 17 00:00:00 2001
From: Guido Vranken <guidovranken@gmail.com>
Date: Sun, 6 Jun 2021 04:07:02 +0200
Subject: [PATCH 2/3] Improve bounds check in EncodePolicyOID

---
 wolfcrypt/src/asn.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index c0ee6c73e..78c720d7a 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -15732,7 +15732,7 @@ int EncodePolicyOID(byte *out, word32 *outSz, const char *in, void* heap)
                 oid[i++] = (byte) (((tb++) ? 0x80 : 0) | x);
             }
 
-            if ((idx+(word32)i) > *outSz) {
+            if ((idx+(word32)i) >= *outSz) {
                 XFREE(str, heap, DYNAMIC_TYPE_TMP_BUFFER);
                 return BUFFER_E;
             }

From f163a4e18f9a62bfda07cf5ab93c1091301afeac Mon Sep 17 00:00:00 2001
From: Guido Vranken <guidovranken@gmail.com>
Date: Mon, 14 Jun 2021 03:55:13 +0200
Subject: [PATCH 3/3] Return BUFFER_E from DecodePolicyOID if XSNPRINTF
 indicates insufficient buffer space

---
 wolfcrypt/src/asn.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 78c720d7a..88fcafef5 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -8871,8 +8871,10 @@ int DecodePolicyOID(char *out, word32 outSz, const byte *in, word32 inSz)
     val = in[inIdx++];
 
     w = XSNPRINTF(out, outSz, "%u.%u", val / 40, val % 40);
-    if (w < 0)
+    if (w < 0) {
+        w = BUFFER_E;
         goto exit;
+    }
     outIdx += w;
     val = 0;
 
@@ -8887,8 +8889,10 @@ int DecodePolicyOID(char *out, word32 outSz, const byte *in, word32 inSz)
             /* write val as text into out */
             val += in[inIdx];
             w = XSNPRINTF(out + outIdx, outSz - outIdx, ".%u", val);
-            if (w < 0 || (word32)w > outSz - outIdx)
+            if (w < 0 || (word32)w > outSz - outIdx) {
+                w = BUFFER_E;
                 goto exit;
+            }
             outIdx += w;
             val = 0;
         }