From 9fa1d2e75fbecfb3aaf0d5453f5ac3d3c0349f3e Mon Sep 17 00:00:00 2001
From: Kareem <kareem@wolfssl.com>
Date: Fri, 11 Jul 2025 11:53:33 -0700
Subject: [PATCH] Enforce WOLFSSL_MAX_PATH_LEN for ASN original as well.

---
 wolfcrypt/src/asn.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index bf859b1e6..34fdf8e3c 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -20614,7 +20614,12 @@ static int DecodeBasicCaConstraint(const byte* input, int sz, DecodedCert* cert)
     ret = GetInteger16Bit(input, &idx, (word32)sz);
     if (ret < 0)
         return ret;
-    cert->pathLength = (byte)ret;
+    else if (ret > WOLFSSL_MAX_PATH_LEN) {
+        WOLFSSL_ERROR_VERBOSE(ASN_PATHLEN_SIZE_E);
+        return ASN_PATHLEN_SIZE_E;
+    }
+
+    cert->pathLength = (word16)ret;
     cert->pathLengthSet = 1;
 
     return 0;