Merge pull request #7058 from lealem47/zd17174

Check buffer length before XMEMCMP in GetOID
2025-07-30 02:37:28 +02:00 · 2023-12-13 14:36:23 +10:00
parent cbd5341332 2724edc257
commit b7b20ededd
1 changed files with 2 additions and 1 deletions
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@ -5747,7 +5747,8 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid,
     *
     * These hacks will hopefully disappear when new standardized OIDs appear.
     */
-    if (memcmp(&input[idx], sigSphincsFast_Level3Oid,
+    if (idx + (word32)sizeof(sigSphincsFast_Level3Oid) < (word32)length &&
+            XMEMCMP(&input[idx], sigSphincsFast_Level3Oid,
               sizeof(sigSphincsFast_Level3Oid)) == 0) {
        found_collision = SPHINCS_FAST_LEVEL3k;
    }