Merge pull request #4656 from JacobBarthelmeh/SanityChecks

sanity check before reading policy constraint
2025-08-01 03:34:39 +02:00 · 2021-12-16 08:42:19 -08:00
parent 424bd2d73d a2cf234100
commit ea2245c4d1
1 changed files with 4 additions and 0 deletions
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -14837,6 +14837,10 @@ static int DecodePolicyConstraints(const byte* input, int sz, DecodedCert* cert)
        WOLFSSL_MSG("\tfail: skip value too big");
        return BUFFER_E;
    }
+    if (idx >= (word32)sz) {
+        WOLFSSL_MSG("\tfail: no policy const skip to read");
+        return BUFFER_E;
+    }
    cert->policyConstSkip = input[idx];

    return 0;