wolfssl: patch CVE-2026-5392

Backport commit from the PR[1] mentioned in the nvd[2] [1]https://github.com/wolfSSL/wolfssl/pull/10039 [2]https://nvd.nist.gov/vuln/detail/CVE-2026-5392 Dropped unit test changes during the backport. Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-06-13 17:39:57 +00:00 · 2026-04-30 23:46:43 +12:00
parent bec67650c1
commit 8939b43735
2 changed files with 34 additions and 0 deletions
@@ -0,0 +1,33 @@
+From 02c53b7cb22ba520d1b9a061476a1066eef45a42 Mon Sep 17 00:00:00 2001
+From: Anthony Hu <anthony@wolfssl.com>
+Date: Fri, 20 Mar 2026 21:32:14 -0400
+Subject: [PATCH] Add bounds check in PKCS7 streaming indefinite-length
+ end-of-content parsing
+
+(cherry picked from commit 6721bde8e0f4074b76c1ea5e8987b8c2a746b3fa)
+
+CVE: CVE-2026-5392
+Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/6721bde8e0f4074b76c1ea5e8987b8c2a746b3fa]
+
+Dropped unit test changes during the backport.
+
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ wolfcrypt/src/pkcs7.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
+index a8545ba0a..92dab5080 100644
+--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
+@@ -6485,6 +6485,10 @@ static int PKCS7_VerifySignedData(wc_PKCS7* pkcs7, const byte* hashBuf,
+                 word32 sz = (word32)pkcs7->stream->cntIdfCnt * ASN_INDEF_END_SZ;
+                 localIdx = idx;
+                 for (i = 0; i < sz; i++) {
+                    if (localIdx + i >= pkiMsg2Sz) {
+                        ret = ASN_PARSE_E;
+                        break;
+                    }
+                     if (pkiMsg2[localIdx + i] == 0)
+                         continue;
+                     else {
@@ -40,6 +40,7 @@ SRC_URI = " \
    file://CVE-2026-1005.patch \
    file://CVE-2026-3580.patch \
    file://CVE-2026-5188.patch \
+    file://CVE-2026-5392.patch \
 "

 SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285"