From a2cf234100db4cb4761eebea13596cb646de2b0e Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Mon, 13 Dec 2021 14:32:46 -0800 Subject: [PATCH] sanity check before reading policy constraint --- wolfcrypt/src/asn.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 75fde24a9..ea5000729 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -14837,6 +14837,10 @@ static int DecodePolicyConstraints(const byte* input, int sz, DecodedCert* cert) WOLFSSL_MSG("\tfail: skip value too big"); return BUFFER_E; } + if (idx >= (word32)sz) { + WOLFSSL_MSG("\tfail: no policy const skip to read"); + return BUFFER_E; + } cert->policyConstSkip = input[idx]; return 0;