From 326f02d76db7d4317688556e8bb51c72c5cbe00c Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Wed, 11 Sep 2019 11:28:33 -0700
Subject: [PATCH] Fix for buffer overrun check logic.

---
 wolfcrypt/src/asn.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 3b2fcd82f..9328e51ef 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -8061,7 +8061,7 @@ static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap,
                         if (GetSequence(cert, &extIdx, &extLen, certSz) < 0)
                             ret = ASN_PARSE_E;
 
-                        if (ret == 0 && extIdx + 1 < certSz)
+                        if (ret == 0 && (extIdx + 1) >= certSz)
                             ret = BUFFER_E;
 
                         if (ret == 0 &&