From 75e6406cd3c9858bc2dcdb4e69eaa88248562bbd Mon Sep 17 00:00:00 2001
From: Ruby Martin
Date: Wed, 25 Mar 2026 11:46:16 -0600
Subject: [PATCH] upper bounds check for DSA signature
---
 wolfcrypt/src/asn.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index a5bc9b0733..6a49651ba9 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -16216,6 +16216,10 @@ int ConfirmSignature(SignatureCtx* sigCtx,
 WOLFSSL_MSG("Verify Signature is too small");
 ERROR_OUT(BUFFER_E, exit_cs);
 }
+ else if (sigSz > MAX_ENCODED_SIG_SZ) {
+ WOLFSSL_MSG("Verify Signature is too big");
+ ERROR_OUT(BUFFER_E, exit_cs);
+ }
 #ifndef WOLFSSL_NO_MALLOC
 sigCtx->key.dsa = (DsaKey*)XMALLOC(sizeof(DsaKey), sigCtx->heap, DYNAMIC_TYPE_DSA);
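Review bot: The new `sigSz > MAX_ENCODED_SIG_SZ` branch does not say which buffer the limit protects, and nothing in the hunk ties the constant to that buffer's real capacity. ConfirmSignature continues outside the hunk, so the following is inferred: if the limit stands for the size of the buffer the DSA signature is later copied or decoded into, a comment such as `/* sig is later copied into a MAX_ENCODED_SIG_SZ-byte buffer; reject longer input first */` would keep the check and the allocation from drifting apart. The check sits ahead of `#ifndef WOLFSSL_NO_MALLOC`, so it also runs in the no-malloc build; it is worth confirming that the destination buffer there has the same capacity. A regression test that passes a DSA signature of `MAX_ENCODED_SIG_SZ + 1` bytes and expects `BUFFER_E` would pin the new behaviour.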