From cba029a43676838a5442e1b3c8d714dedfa873a5 Mon Sep 17 00:00:00 2001
From: Kareem Abuobeid
Date: Tue, 11 May 2021 14:35:41 -0700
Subject: [PATCH] PKCS7: Check size in wc_PKCS7_InitWithCert before XMEMCPY to avoid overflow.
---
 wolfcrypt/src/pkcs7.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index a1d0a3f32..d1f3c02df 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -1100,6 +1100,16 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
 return ret;
 }

+ if (dCert->pubKeySize > (MAX_RSA_INT_SZ + MAX_RSA_E_SZ) ||
+ dCert->serialSz > MAX_SN_SZ) {
+ WOLFSSL_MSG("Invalid size in certificate\n");
+ FreeDecodedCert(dCert);
+#ifdef WOLFSSL_SMALL_STACK
+ XFREE(dCert, pkcs7->heap, DYNAMIC_TYPE_DCERT);
+#endif
+ return ASN_PARSE_E;
+ }
+
 XMEMCPY(pkcs7->publicKey, dCert->publicKey, dCert->pubKeySize);
 pkcs7->publicKeySz = dCert->pubKeySize;
 pkcs7->publicKeyOID = dCert->keyOID;
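Review bot: The new bound on `dCert->pubKeySize` restates the destination's capacity as `MAX_RSA_INT_SZ + MAX_RSA_E_SZ` instead of deriving it from the buffer that the `XMEMCPY` right below writes into, so the guard and the field declaration can drift apart if either is changed later. If `pkcs7->publicKey` is a fixed-size array in the struct (its declaration is not in the hunk), `dCert->pubKeySize > sizeof(pkcs7->publicKey)` keeps the check tied to the real capacity. The same applies to `dCert->serialSz`, whose copy is not visible here and presumably targets a `MAX_SN_SZ`-sized field. A one-line comment above the `if`, such as `/* reject sizes that would overflow the fixed-size PKCS7 buffers copied below */`, would record why these two fields are checked. wc_PKCS7_InitWithCert starts before and continues after this hunk, so the destination sizes need to be confirmed against the struct definition.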