wolfssl: patch CVE-2026-5772

Backport commits from the PR[1] mentioned in the nvd[2]

[1]https://github.com/wolfSSL/wolfssl/pull/10119
[2]https://nvd.nist.gov/vuln/detail/CVE-2026-5772

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>

meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5772-1.patch

@@ -0,0 +1,25 @@
+From 9fe2213ba1fd8a05f7fa9b95fa940530b445bae9 Mon Sep 17 00:00:00 2001
+From: Kareem <kareem@wolfssl.com>
+Date: Wed, 1 Apr 2026 11:28:45 -0700
+Subject: [PATCH] Exit MatchDomainName if pattern or string length reach 0.
+
+CVE: CVE-2026-5772
+Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/1274c7b5e7e9e28d88caf60662f6f9624bf834b7]
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ src/internal.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/internal.c b/src/internal.c
+index ccfecc235..1c217b902 100644
+--- a/src/internal.c
++++ b/src/internal.c
+@@ -12898,7 +12898,7 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str,
+     if (pattern == NULL || str == NULL || patternLen <= 0 || strLen == 0)
+         return 0;
+ 
+-    while (patternLen > 0) {
++    while (patternLen > 0 && strLen > 0) {
+         /* Get the next pattern char to evaluate */
+         char p = (char)XTOLOWER((unsigned char)*pattern);
+         if (p == '\0')

meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5772-2.patch

@@ -0,0 +1,35 @@
+From 89938195b946f709f40f653d90ce215f868c7d79 Mon Sep 17 00:00:00 2001
+From: Kareem <kareem@wolfssl.com>
+Date: Wed, 1 Apr 2026 11:50:17 -0700
+Subject: [PATCH] Rework check to avoid changing existing logic.
+
+CVE: CVE-2026-5772
+Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/90d631232308a59a03f6f6f455f9ac373db7af3d]
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ src/internal.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/internal.c b/src/internal.c
+index 1c217b902..6af03cbf0 100644
+--- a/src/internal.c
++++ b/src/internal.c
+@@ -12898,7 +12898,7 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str,
+     if (pattern == NULL || str == NULL || patternLen <= 0 || strLen == 0)
+         return 0;
+ 
+-    while (patternLen > 0 && strLen > 0) {
++    while (patternLen > 0) {
+         /* Get the next pattern char to evaluate */
+         char p = (char)XTOLOWER((unsigned char)*pattern);
+         if (p == '\0')
+@@ -12964,6 +12964,9 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str,
+                 wildcardEligible = 0;
+             }
+ 
++            if (strLen == 0)
++                return 0;
++
+             /* Simple case, pattern match exactly */
+             if (p != (char)XTOLOWER((unsigned char) *str))
+                 return 0;

meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb

@@ -44,6 +44,8 @@ SRC_URI = " \
     file://CVE-2026-5446-1.patch \
     file://CVE-2026-5446-2.patch \
     file://CVE-2026-5447.patch \
+    file://CVE-2026-5772-1.patch \
+    file://CVE-2026-5772-2.patch \
 "
 
 SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285"