@@ -16966,6 +16966,32 @@ static int test_wolfSSL_PKCS8_d2i(void)
1696616966 EVP_PKEY_free(pkey);
1696716967 pkey = NULL;
1696816968#endif
16969+ /* A negative length must be rejected before the signed->word32 cast
16970+ * (CWE-190 -> CWE-125): length = -1 becomes (word32)0xFFFFFFFF, so the
16971+ * decoder believes ~4 GiB are available and reads past the input. The
16972+ * same key buffers are decoded with their correct positive length above,
16973+ * so these calls fail only because of the negative length. All must
16974+ * return NULL; with the guard removed the over-read is reported by ASan
16975+ * (and, with a full key, faults outright). */
16976+ {
16977+ const unsigned char malformed[2] = { 0x30, 0x10 };
16978+ const unsigned char* mp;
16979+ #ifndef NO_RSA
16980+ #ifdef USE_CERT_BUFFERS_1024
16981+ const unsigned char* rp = (const unsigned char*)server_key_der_1024;
16982+ #else
16983+ const unsigned char* rp = (const unsigned char*)server_key_der_2048;
16984+ #endif
16985+ const unsigned char* rp0 = rp;
16986+ ExpectNull(d2i_AutoPrivateKey(NULL, &rp, -1));
16987+ rp = rp0;
16988+ ExpectNull(d2i_PrivateKey(EVP_PKEY_RSA, NULL, &rp, -1));
16989+ #endif
16990+ /* The reported PoC: a 2-byte header claiming 16 bytes of absent
16991+ * content drives the over-read in the key-type detection loop. */
16992+ mp = malformed;
16993+ ExpectNull(d2i_AutoPrivateKey(NULL, &mp, -1));
16994+ }
1696916995#endif /* OPENSSL_ALL */
1697016996
1697116997#ifndef NO_FILESYSTEM
0 commit comments