From bec67650c106a9e1f53d3a62b9a11cc6ffb1d633 Mon Sep 17 00:00:00 2001
From: Ankur Tyagi
Date: Thu, 30 Apr 2026 23:46:42 +1200
Subject: [PATCH] wolfssl: patch CVE-2026-5188 Backport commit from the PR[1] mentioned in the nvd[2] [1]https://github.com/wolfSSL/wolfssl/pull/10024 [2]https://nvd.nist.gov/vuln/detail/CVE-2026-5188 Dropped unit test changes during the backport. Signed-off-by: Anuj Mittal
---
 .../wolfssl/files/CVE-2026-5188.patch | 101 ++++++++++++++++++
 .../wolfssl/wolfssl_5.8.0.bb | 1 +
 2 files changed, 102 insertions(+)
 create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5188.patch
diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5188.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5188.patch
new file mode 100644
index 0000000000..3c4de09188
--- /dev/null
+++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5188.patch
@@ -0,0 +1,101 @@
+From 928e64ee08438203cc966d122bb9736361bd6fc7 Mon Sep 17 00:00:00 2001
+From: Eric Blankenhorn
+Date: Fri, 20 Mar 2026 08:16:47 -0500
+Subject: [PATCH] Fix DecodeAltNames length check
+
+(cherry picked from commit 6446bb21155e80a41538d1f815a6cf5a5a0cc0f8)
+
+CVE: CVE-2026-5188
+Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/6446bb21155e80a41538d1f815a6cf5a5a0cc0f8]
+
+Dropped unit test changes during the backport.
+
+Signed-off-by: Ankur Tyagi
+---
+ wolfcrypt/src/asn.c | 24 ++++++++++++++++++++++++
+ 1 file changed, 24 insertions(+)
+
+diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
+index af74678c5..b00568534 100644
+--- a/wolfcrypt/src/asn.c
++++ b/wolfcrypt/src/asn.c
+@@ -19769,6 +19769,9 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
+
+ AddAltName(cert, dnsEntry);
+
++ if (strLen > length) {
++ return ASN_PARSE_E;
++ }
+ length -= strLen;
+ idx += (word32)strLen;
+ }
+@@ -19810,6 +19813,9 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
+ dirEntry->next = cert->altDirNames;
+ cert->altDirNames = dirEntry;
+
++ if (strLen > length) {
++ return ASN_PARSE_E;
++ }
+ length -= strLen;
+ idx += (word32)strLen;
+ }
+@@ -19845,6 +19851,9 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
+ emailEntry->next = cert->altEmailNames;
+ cert->altEmailNames = emailEntry;
+
++ if (strLen > length) {
++ return ASN_PARSE_E;
++ }
+ length -= strLen;
+ idx += (word32)strLen;
+ }
+@@ -19924,6 +19933,9 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
+
+ AddAltName(cert, uriEntry);
+
++ if (strLen > length) {
++ return ASN_PARSE_E;
++ }
+ length -= strLen;
+ idx += (word32)strLen;
+ }
+@@ -19970,6 +19982,9 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
+ }
+ AddAltName(cert, ipAddr);
+
++ if (strLen > length) {
++ return ASN_PARSE_E;
++ }
+ length -= strLen;
+ idx += (word32)strLen;
+ }
+@@ -20018,6 +20033,9 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
+
+ AddAltName(cert, rid);
+
++ if (strLen > length) {
++ return ASN_PARSE_E;
++ }
+ length -= strLen;
+ idx += (word32)strLen;
+ }
+@@ -20035,6 +20053,9 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
+ return ASN_PARSE_E;
+ }
+ /* Consume the rest of this sequence. */
++ if ((int)((word32)strLen + idx - lenStartIdx) > length) {
++ return ASN_PARSE_E;
++ }
+ length -= (int)(((word32)strLen + idx - lenStartIdx));
+
+ if (GetObjectId(input, &idx, &oid, oidCertAltNameType, sz) < 0) {
+@@ -20087,6 +20108,9 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
+ WOLFSSL_MSG("\tfail: unsupported name length");
+ return ASN_PARSE_E;
+ }
++ if ((int)((word32)strLen + idx - lenStartIdx) > length) {
++ return ASN_PARSE_E;
++ }
+ length -= (int)((word32)strLen + idx - lenStartIdx);
+ idx += (word32)strLen;
+ }
diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb
index 69ad34dc2f..29ff6d6ba9 100644
--- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb
+++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb
@@ -39,6 +39,7 @@ SRC_URI = " \
 file://CVE-2026-4395.patch \
 file://CVE-2026-1005.patch \
 file://CVE-2026-3580.patch \
+ file://CVE-2026-5188.patch \
 "
 SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285"
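Review bot: In the six `if (strLen > length)` checks of the embedded asn.c patch, the test runs only after the entry is already attached to the certificate (`AddAltName(cert, dnsEntry);`, `cert->altDirNames = dirEntry;`, `cert->altEmailNames = emailEntry;`, and the URI, IP and RID equivalents), so `strLen` is compared with the remaining SAN `length` after it has been used. The allocation and copy that consume `strLen` are outside the hunk context, so this is inferred, but validate-before-use would place `if (strLen > length) { return ASN_PARSE_E; }` directly after the call that decodes `strLen`. In the last two hunks the guard casts a `word32` sum to `int` before comparing; an unsigned comparison such as `if (length < 0 || (word32)strLen + idx - lenStartIdx > (word32)length)` would not depend on how an out-of-range value converts. The backport also drops the upstream unit test, so nothing in this layer exercises the new rejection path. DecodeAltNames begins and ends outside every hunk shown.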