Fix bug in ParseCRL_Extensions

lealem47 · lealem47 · commit 8a93883773be · 2025-03-24T11:41:46.000-06:00
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
@@ -39163,6 +39163,7 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, word32 idx,
         ret = GetASN_Items(certExtASN, dataASN, certExtASN_Length, 0, buf, &idx,
                 maxIdx);
         if (ret == 0) {
+            word32 localIdx = idx;
             /* OID in extension. */
             word32 oid = dataASN[CERTEXTASN_IDX_OID].data.oid.sum;
             /* Length of extension data. */
@@ -39172,7 +39173,7 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, word32 idx,
             #ifndef NO_SKID
                 /* Parse Authority Key Id extension.
                  * idx is at start of OCTET_STRING data. */
-                ret = ParseCRL_AuthKeyIdExt(buf + idx, length, dcrl);
+                ret = ParseCRL_AuthKeyIdExt(buf + localIdx, length, dcrl);
                 if (ret != 0) {
                     WOLFSSL_MSG("\tcouldn't parse AuthKeyId extension");
                 }
@@ -39195,7 +39196,7 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, word32 idx,
                     }
                 }
                 if (ret == 0) {
-                    ret = GetInt(m, buf, &idx, maxIdx);
+                    ret = GetInt(m, buf, &localIdx, maxIdx);
                 }
                 if (ret == 0) {
                     dcrl->crlNumber = (int)m->dp[0];

Original file line number	Diff line number	Diff line change
`@@ -39163,6 +39163,7 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, word32 idx,`
`39163`	`39163`	`ret = GetASN_Items(certExtASN, dataASN, certExtASN_Length, 0, buf, &idx,`
`39164`	`39164`	`maxIdx);`
`39165`	`39165`	`if (ret == 0) {`
	`39166`	`+ word32 localIdx = idx;`
`39166`	`39167`	`/* OID in extension. */`
`39167`	`39168`	`word32 oid = dataASN[CERTEXTASN_IDX_OID].data.oid.sum;`
`39168`	`39169`	`/* Length of extension data. */`
`@@ -39172,7 +39173,7 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, word32 idx,`
`39172`	`39173`	`#ifndef NO_SKID`
`39173`	`39174`	`/* Parse Authority Key Id extension.`
`39174`	`39175`	`* idx is at start of OCTET_STRING data. */`
`39175`		`- ret = ParseCRL_AuthKeyIdExt(buf + idx, length, dcrl);`
	`39176`	`+ ret = ParseCRL_AuthKeyIdExt(buf + localIdx, length, dcrl);`
`39176`	`39177`	`if (ret != 0) {`
`39177`	`39178`	`WOLFSSL_MSG("\tcouldn't parse AuthKeyId extension");`
`39178`	`39179`	`}`
`@@ -39195,7 +39196,7 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, word32 idx,`
`39195`	`39196`	`}`
`39196`	`39197`	`}`
`39197`	`39198`	`if (ret == 0) {`
`39198`		`- ret = GetInt(m, buf, &idx, maxIdx);`
	`39199`	`+ ret = GetInt(m, buf, &localIdx, maxIdx);`
`39199`	`39200`	`}`
`39200`	`39201`	`if (ret == 0) {`
`39201`	`39202`	`dcrl->crlNumber = (int)m->dp[0];`