From 2724edc257a987eef9424b91cee1d6e6c7c0bb28 Mon Sep 17 00:00:00 2001
From: Lealem Amedie
Date: Tue, 12 Dec 2023 15:13:42 -0700
Subject: [PATCH] Check buffer length before XMEMCMP in GetOID
---
 wolfcrypt/src/asn.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 886238907..19dd9faab 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -5760,7 +5760,8 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid,
 *
 * These hacks will hopefully disappear when new standardized OIDs appear.
 */
- if (memcmp(&input[idx], sigSphincsFast_Level3Oid,
+ if (idx + (word32)sizeof(sigSphincsFast_Level3Oid) < (word32)length &&
+ XMEMCMP(&input[idx], sigSphincsFast_Level3Oid,
 sizeof(sigSphincsFast_Level3Oid)) == 0) {
 found_collision = SPHINCS_FAST_LEVEL3k;
 }
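Review bot: The added guard `idx + (word32)sizeof(sigSphincsFast_Level3Oid) < (word32)length` only bounds the XMEMCMP read if `length` is the end offset of `input`; its declaration is outside the hunk, and if it is instead the OID's encoded length counted from `idx`, the sum mixes an absolute offset with a relative length and the outcome depends on where the OID sits in the buffer. In that case the check would be `(word32)length >= (word32)sizeof(sigSphincsFast_Level3Oid)`. If `length` is the buffer end, the strict `<` skips an OID that ends exactly at the end of the buffer and the addition can wrap in word32; `(word32)length >= sizeof(sigSphincsFast_Level3Oid) && idx <= (word32)length - sizeof(sigSphincsFast_Level3Oid)` avoids both. The `(word32)` cast also turns a negative `length` (if it is signed, as the cast suggests) into a very large bound, so a negative value should be rejected before the comparison. GetOID's body starts and ends outside the hunk, so an earlier check in the function may already cover part of this.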