@@ -41590,7 +41590,7 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf,
4159041590 WOLFSSL_MSG("\tcouldn't parse CRL number extension");
4159141591 return ret;
4159241592 }
41593- else {
41593+ else if (length <= CRL_MAX_NUM_SZ) {
4159441594 DECL_MP_INT_SIZE_DYN(m, CRL_MAX_NUM_SZ_BITS,
4159541595 CRL_MAX_NUM_SZ_BITS);
4159641596 NEW_MP_INT_SIZE(m, CRL_MAX_NUM_SZ_BITS, NULL,
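Review bot: The new guard `else if (length <= CRL_MAX_NUM_SZ)` bounds only the octet count, whereas the check removed in the next hunk also compared `needed * 2 + 1` against CRL_MAX_NUM_HEX_STR_SZ before mp_toradix() writes the hex string into dcrl->crlNumber, a call that takes no output size. After this change the write stays in bounds only if CRL_MAX_NUM_HEX_STR_SZ is at least `CRL_MAX_NUM_SZ * 2 + 1`. Both definitions are outside the visible lines, so that relationship should be pinned next to them with a compile-time assertion or at least a comment such as `/* must hold: CRL_MAX_NUM_HEX_STR_SZ >= CRL_MAX_NUM_SZ * 2 + 1 */`. The same reliance applies to the template-path hunk at the end of the page. The assignment of `length` happens above this hunk, so confirm it is the INTEGER content length for this extension.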
@@ -41611,15 +41611,7 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf,
4161141611
4161241612 if (ret != MP_OKAY)
4161341613 ret = BUFFER_E;
41614- /* Check CRL number size
41615- * if it exceeds CRL_MAX_NUM_SZ(octets)
41616- * and CRL_MAX_NUM_HEX_STR_SZ(hex string)
41617- */
41618- if (((needed = mp_unsigned_bin_size(m)) > CRL_MAX_NUM_SZ) ||
41619- ((needed * 2 + 1) > CRL_MAX_NUM_HEX_STR_SZ)) {
41620- WOLFSSL_MSG("CRL number exceeds limitation.");
41621- ret = BUFFER_E;
41622- }
41614+
4162341615 if (ret == MP_OKAY && mp_toradix(m, (char*)dcrl->crlNumber,
4162441616 MP_RADIX_HEX) != MP_OKAY)
4162541617 ret = BUFFER_E;
@@ -41632,6 +41624,9 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf,
4163241624
4163341625 if (ret != MP_OKAY)
4163441626 return ret;
41627+ } else {
41628+ WOLFSSL_MSG("CRL number exceeds limitation");
41629+ ret = BUFFER_E;
4163541630 }
4163641631 }
4163741632 }
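Review bot: The added `else` branch only assigns `ret = BUFFER_E` and falls through, while the in-range branch directly above it leaves the function on error with `if (ret != MP_OKAY) return ret;`. The remainder of ParseCRL_Extensions is outside this hunk, so it is not visible whether `ret` survives to the function's return. If the enclosing extension loop reassigns it, or the function ends with a fixed success value, an oversized CRL number would be accepted silently. Using `return BUFFER_E;` in this branch makes the rejection unconditional and matches the sibling branch. As a style point, `} else {` differs from the `}` / `else {` layout used a few lines earlier in the same chain.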
@@ -41657,7 +41652,6 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, word32 idx,
4165741652 word32 maxIdx)
4165841653{
4165941654 DECL_ASNGETDATA(dataASN, certExtASN_Length);
41660- int needed;
4166141655 int ret = 0;
4166241656 /* Track if we've seen these extensions already */
4166341657 word32 seenAuthKey = 0;
@@ -41735,16 +41729,16 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, word32 idx,
4173541729 }
4173641730
4173741731 if (ret == 0) {
41738- ret = GetInt(m, buf, &localIdx, maxIdx) ;
41739- }
41740- /* Check CRL number size
41741- * if it exceeds CRL_MAX_NUM_SZ(octets)
41742- * and CRL_MAX_NUM_HEX_STR_SZ(hex string)
41743- */
41744- if (((needed = mp_unsigned_bin_size(m)) > CRL_MAX_NUM_SZ) ||
41745- ((needed * 2 + 1) > CRL_MAX_NUM_HEX_STR_SZ) ) {
41746- WOLFSSL_MSG("CRL number exceeds limitation." );
41747- ret = BUFFER_E;
41732+ int crlNumLen = 0 ;
41733+ word32 tmpIdx = localIdx;
41734+ ret = GetASNInt(buf, &tmpIdx, &crlNumLen, maxIdx);
41735+ if (ret == 0 && (crlNumLen > CRL_MAX_NUM_SZ)) {
41736+ WOLFSSL_MSG("CRL number exceeds limitation");
41737+ ret = BUFFER_E;
41738+ }
41739+ if (ret == 0 ) {
41740+ ret = GetInt(m, buf, &localIdx, maxIdx );
41741+ }
4174841742 }
4174941743 if (ret == 0 && mp_toradix(m, (char*)dcrl->crlNumber,
4175041744 MP_RADIX_HEX) != MP_OKAY)
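Review bot: The two-step parse added here carries no comment, and the comment that documented the size limit was removed together with the old check. A reader will not see why GetASNInt() runs on a copy of the index (`tmpIdx`) before GetInt() parses the same INTEGER again. A comment above `int crlNumLen` would cover it, for example `/* Peek at the INTEGER length on a scratch index so an oversized CRL number is rejected before GetInt() loads it into m. */`. It would also help to state there that CRL_MAX_NUM_SZ is a limit in octets, as the removed comment did. The function body continues outside the hunk.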