From f59d50f18a571bfaa3dca87c5d1a09c24c9d22f8 Mon Sep 17 00:00:00 2001
From: Ruby Martin
Date: Fri, 3 Apr 2026 17:12:27 -0600
Subject: [PATCH 1/2] bound notBeforeDataEnd with origSz
---
 tests/api/test_x509.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/tests/api/test_x509.c b/tests/api/test_x509.c
index 47780e6dc4..38bf71f8f6 100644
--- a/tests/api/test_x509.c
+++ b/tests/api/test_x509.c
@@ -502,6 +502,9 @@ static int craft_malicious_time_cert(const byte* orig, int origSz,
 notBeforeLenOff = validityOff + 3; /* the 0x0D byte */
 notBeforeDataEnd = notBeforeLenOff + 1 + 13; /* tag(1) was at +2, data starts at +4 */
+ if (notBeforeDataEnd >= origSz) {
+ return -1;
+ }
 /* Build the new buffer:
 * [0 .. notBeforeLenOff-1] unchanged prefix
From 5e79661aa33e1bb41cb1c6e768c7d14fc74ce62d Mon Sep 17 00:00:00 2001
From: Ruby Martin
Date: Fri, 3 Apr 2026 17:13:29 -0600
Subject: [PATCH 2/2] prevent resource leak if ASN1_INTEGER_to_BN() != null if expected
---
 tests/api/test_ossl_asn1.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/tests/api/test_ossl_asn1.c b/tests/api/test_ossl_asn1.c
index c1629eadc6..46500bd0e0 100644
--- a/tests/api/test_ossl_asn1.c
+++ b/tests/api/test_ossl_asn1.c
@@ -198,11 +198,11 @@ int test_wolfSSL_ASN1_INTEGER_BN(void)
 }
 #if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY)
 ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, NULL));
- BN_free(bn);
- bn = NULL;
 #else
- ExpectNull(ASN1_INTEGER_to_BN(ai, NULL));
+ ExpectNull(bn = ASN1_INTEGER_to_BN(ai, NULL));
 #endif
+ BN_free(bn);
+ bn = NULL;
 if (ai != NULL) {
 ai->data[0] = 0x02; /* tag for ASN_INTEGER */
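Review bot: The new guard in craft_malicious_time_cert (tests/api/test_x509.c, hunk at -502) has no comment saying why the comparison is `>=` rather than `>`, so a reader cannot tell whether rejecting an input that ends exactly at notBeforeDataEnd is deliberate. If the copy that follows reads the tail starting at orig[notBeforeDataEnd] (that code is outside the hunk, so this is inferred from the "Build the new buffer" comment), a one-line comment such as `/* need at least one byte after notBefore; reject truncated input */` would document the intent. It is also worth confirming that callers treat the -1 return as a test failure rather than a skip, since a silently skipped negative test would hide a regression in the time-parsing bounds checks. The function body starts and ends outside the hunk.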
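Review bot: In tests/api/test_ossl_asn1.c the now-unconditional `BN_free(bn); bn = NULL;` after `#endif` (hunk at -198, and the same pattern in the hunk at -213) depends on `bn` being either NULL or a live BIGNUM whenever that line is reached. If the Expect macros skip evaluating their argument once an earlier expectation has failed, the assignment `bn = ASN1_INTEGER_to_BN(ai, NULL)` does not run and `bn` keeps its previous value. The free is then only safe when the declaration initialises `bn` to NULL and every earlier use resets it; the declaration is outside the hunk and should be checked. A short comment above the free, e.g. `/* free on both paths: the #else case must not leak if the conversion unexpectedly succeeds */`, would record why the cleanup was moved out of the `#if` branch.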
@@ -213,11 +213,11 @@ int test_wolfSSL_ASN1_INTEGER_BN(void)
 #if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY)
 /* Interpreted as a number 0x020403. */
 ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, NULL));
- BN_free(bn);
- bn = NULL;
 #else
- ExpectNull(ASN1_INTEGER_to_BN(ai, NULL));
+ ExpectNull(bn = ASN1_INTEGER_to_BN(ai, NULL));
 #endif
+ BN_free(bn);
+ bn = NULL;
 if (ai != NULL) {
 ai->data[0] = 0x02; /* tag for ASN_INTEGER */