wolfssl: patch CVE-2026-4395

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-4395 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-06-13 17:39:57 +00:00 · 2026-04-06 00:49:10 +12:00
parent 99b851ae0e
commit 6f87a552ab
2 changed files with 32 additions and 0 deletions
@@ -0,0 +1,31 @@
+From 6a60f44e056f55f3cdc9d11384e5a5d5d0b1d628 Mon Sep 17 00:00:00 2001
+From: Kareem <kareem@wolfssl.com>
+Date: Mon, 16 Mar 2026 15:34:18 -0700
+Subject: [PATCH] Check raw pubkey length in wc_ecc_import_x963 before copying
+ to it for KCAPI case.
+
+(cherry picked from commit ddc177b669cff9d3c7e1b51751f9df73062b872a)
+
+CVE: CVE-2026-4395
+Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/ddc177b669cff9d3c7e1b51751f9df73062b872a]
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ wolfcrypt/src/ecc.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
+index 1fd30cfd9..dcef45a1c 100644
+--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
+@@ -10784,7 +10784,10 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
+             XMEMCPY(key->pubkey_raw, (byte*)in, inLen);
+     }
+ #elif defined(WOLFSSL_KCAPI_ECC)
+-    XMEMCPY(key->pubkey_raw, (byte*)in, inLen);
+    if (inLen <= (word32)sizeof(key->pubkey_raw))
+        XMEMCPY(key->pubkey_raw, (byte*)in, inLen);
+    else
+        err = BAD_FUNC_ARG;
+ #endif
+ 
+     if (err == MP_OKAY) {
@@ -36,6 +36,7 @@ SRC_URI = " \
    file://CVE-2026-3230.patch \
    file://CVE-2026-3547.patch \
    file://CVE-2026-4159.patch \
+    file://CVE-2026-4395.patch \
 "

 SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285"