validate hashAlgSz is within bounds before calling XMEMCPY

rlm2002 · rlm2002 · commit 0ef8541b73c5 · 2026-03-02T15:05:01.000-07:00
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
@@ -7846,6 +7846,9 @@ word32 wc_EncodeRsaPssAlgoId(int hashOID, int saltLen, byte* out, word32 outSz)
     if (outSz < outerSz) {
         idx = 0; goto pss_algoid_done;
     }
+    if (hashAlgSz > RSA_PSS_ALGOID_TMPBUF_SZ) {
+        idx = 0; goto pss_algoid_done;
+    }
 
     {
         word32 idPart = (word32)SetObjectId((int)rsapssOidSz, NULL) + rsapssOidSz;

Original file line number	Diff line number	Diff line change
`@@ -7846,6 +7846,9 @@ word32 wc_EncodeRsaPssAlgoId(int hashOID, int saltLen, byte* out, word32 outSz)`
`7846`	`7846`	`if (outSz < outerSz) {`
`7847`	`7847`	`idx = 0; goto pss_algoid_done;`
`7848`	`7848`	`}`
	`7849`	`+ if (hashAlgSz > RSA_PSS_ALGOID_TMPBUF_SZ) {`
	`7850`	`+ idx = 0; goto pss_algoid_done;`
	`7851`	`+ }`
`7849`	`7852`
`7850`	`7853`	`{`
`7851`	`7854`	`word32 idPart = (word32)SetObjectId((int)rsapssOidSz, NULL) + rsapssOidSz;`