From 2306b7a87ed38b8c60d3ac355252beda72c70314 Mon Sep 17 00:00:00 2001
From: Ankur Tyagi <ankur.tyagi85@gmail.com>
Date: Thu, 30 Apr 2026 23:46:45 +1200
Subject: [PATCH] wolfssl: patch CVE-2026-5447

Backport commit from the PR[1] mentioned in the nvd[2]

[1]https://github.com/wolfSSL/wolfssl/pull/10112
[2]https://nvd.nist.gov/vuln/detail/CVE-2026-5447

Dropped unit test changes during the backport.

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 .../wolfssl/files/CVE-2026-5447.patch         | 65 +++++++++++++++++++
 .../wolfssl/wolfssl_5.8.0.bb                  |  1 +
 2 files changed, 66 insertions(+)
 create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5447.patch

diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5447.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5447.patch
new file mode 100644
index 0000000000..b296603816
--- /dev/null
+++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5447.patch
@@ -0,0 +1,65 @@
+From 4d7eccf50dab080185d3a8763491e3febbcc257a Mon Sep 17 00:00:00 2001
+From: Eric Blankenhorn <eric@wolfssl.com>
+Date: Tue, 31 Mar 2026 08:56:23 -0500
+Subject: [PATCH] Fix CertFromX509 copy length check
+
+(cherry picked from commit 772cda3d489d867935202d59393a2ac85a5e6ef0)
+
+CVE: CVE-2026-5447
+Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/772cda3d489d867935202d59393a2ac85a5e6ef0]
+
+Dropped unit test changes during the backport.
+
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ src/x509.c | 33 ++++++++++++++++++---------------
+ 1 file changed, 18 insertions(+), 15 deletions(-)
+
+diff --git a/src/x509.c b/src/x509.c
+index 62e3774f4..cf44c7146 100644
+--- a/src/x509.c
++++ b/src/x509.c
+@@ -10622,25 +10622,28 @@ static int CertFromX509(Cert* cert, WOLFSSL_X509* x509)
+         return WOLFSSL_FAILURE;
+     }
+ 
+-    if (x509->authKeyIdSz < sizeof(cert->akid)) {
+     #ifdef WOLFSSL_AKID_NAME
+-        cert->rawAkid = 0;
+-        if (x509->authKeyIdSrc) {
+-            XMEMCPY(cert->akid, x509->authKeyIdSrc, x509->authKeyIdSrcSz);
+-            cert->akidSz = (int)x509->authKeyIdSrcSz;
+-            cert->rawAkid = 1;
++    cert->rawAkid = 0;
++    if (x509->authKeyIdSrc) {
++        if (x509->authKeyIdSrcSz > sizeof(cert->akid)) {
++            WOLFSSL_MSG("Auth Key ID too large");
++            WOLFSSL_ERROR_VERBOSE(BUFFER_E);
++            return WOLFSSL_FAILURE;
+         }
+-        else
++        XMEMCPY(cert->akid, x509->authKeyIdSrc, x509->authKeyIdSrcSz);
++        cert->akidSz = (int)x509->authKeyIdSrcSz;
++        cert->rawAkid = 1;
++    }
++    else
+     #endif
+-        if (x509->authKeyId) {
+-            XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz);
+-            cert->akidSz = (int)x509->authKeyIdSz;
++    if (x509->authKeyId) {
++        if (x509->authKeyIdSz > sizeof(cert->akid)) {
++            WOLFSSL_MSG("Auth Key ID too large");
++            WOLFSSL_ERROR_VERBOSE(BUFFER_E);
++            return WOLFSSL_FAILURE;
+         }
+-    }
+-    else {
+-        WOLFSSL_MSG("Auth Key ID too large");
+-        WOLFSSL_ERROR_VERBOSE(BUFFER_E);
+-        return WOLFSSL_FAILURE;
++        XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz);
++        cert->akidSz = (int)x509->authKeyIdSz;
+     }
+ 
+     for (i = 0; i < x509->certPoliciesNb; i++) {
diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb
index 249880e161..34a3cd17bb 100644
--- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb
+++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb
@@ -43,6 +43,7 @@ SRC_URI = " \
     file://CVE-2026-5392.patch \
     file://CVE-2026-5446-1.patch \
     file://CVE-2026-5446-2.patch \
+    file://CVE-2026-5447.patch \
 "
 
 SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285"