From 99b851ae0ef4794b2fbc11811453de8ea3fb6a9b Mon Sep 17 00:00:00 2001
From: Ankur Tyagi
Date: Mon, 6 Apr 2026 00:49:09 +1200
Subject: [PATCH] wolfssl: patch CVE-2026-4159
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-4159
Signed-off-by: Ankur Tyagi
Signed-off-by: Anuj Mittal
---
 .../wolfssl/files/CVE-2026-4159.patch | 32 +++++++++++++++++++
 .../wolfssl/wolfssl_5.8.0.bb | 1 +
 2 files changed, 33 insertions(+)
 create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-4159.patch
diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-4159.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-4159.patch
new file mode 100644
index 0000000000..982cbd09af
--- /dev/null
+++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-4159.patch
@@ -0,0 +1,32 @@
+From 4de19e3894e81eeaf3079b1270813d0a2b7fe69c Mon Sep 17 00:00:00 2001
+From: Josh Holtrop
+Date: Tue, 10 Mar 2026 17:26:28 -0400
+Subject: [PATCH] Avoid one-byte read outside of allocated encrypted content
+ buffer in wc_PKCS7_DecodeEnvelopedData()
+
+(cherry picked from commit d37b51c3cef6897e117364ab8b1a257e52a634c0)
+
+CVE: CVE-2026-4159
+Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/d37b51c3cef6897e117364ab8b1a257e52a634c0]
+Signed-off-by: Ankur Tyagi
+---
+ wolfcrypt/src/pkcs7.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
+index 4ba96c90d..e65ddd493 100644
+--- a/wolfcrypt/src/pkcs7.c
++++ b/wolfcrypt/src/pkcs7.c
+@@ -12853,6 +12853,12 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in,
+ /* use cached content */
+ encryptedContent = pkcs7->cachedEncryptedContent;
+ encryptedContentSz = (int)pkcs7->cachedEncryptedContentSz;
++
++ if (encryptedContentSz <= 0) {
++ ret = BUFFER_E;
++ break;
++ }
++
+ padLen = encryptedContent[encryptedContentSz-1];
+
+ /* copy plaintext to output */
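Review bot: The added `encryptedContentSz <= 0` guard in wc_PKCS7_DecodeEnvelopedData() carries no comment saying why a non-positive size can reach this point, and it only keeps the index `encryptedContentSz-1` in range; it does not bound `padLen` itself. A one-line comment such as `/* empty cached content has no pad byte; a negative value can also come from the (int) cast above */` would record the intent, assuming `cachedEncryptedContentSz` is an unsigned field, which the hunk does not show. Whether `padLen` is compared against `encryptedContentSz` before the plaintext copy lies outside this hunk and is worth confirming in the 5.8.0 source this backport applies to, since the byte is taken from decrypted message content. The function body starts and ends outside the hunk.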
diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb index 1f5b051d16..992591fb90 100644 --- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb +++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb @@ -35,6 +35,7 @@ SRC_URI = " \ file://CVE-2026-3229-3.patch \ file://CVE-2026-3230.patch \ file://CVE-2026-3547.patch \ + file://CVE-2026-4159.patch \ " SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285"