add sanity check on buffer size

wolfcrypt/src/asn.c

@@ -26934,6 +26934,10 @@ static int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz,
     if (ret != 0)
         return ret;
 
+    /* check that the value found is not too large for pubKey buffer */
+    if (inSz - *inOutIdx > *pubKeyLen)
+        return ASN_PARSE_E;
+
     /* This is the raw point data compressed or uncompressed. */
     *pubKeyLen = inSz - *inOutIdx;
     XMEMCPY(pubKey, input + *inOutIdx, *pubKeyLen);

wolfcrypt/test/test.c

@@ -26031,6 +26031,17 @@ WOLFSSL_TEST_SUBROUTINE int ed25519_test(void)
         0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,
         0xf7,0x07,0x51,0x1a
     };
+
+    /* size has been altered to catch if sanity check is done */
+    static byte badPublicEd25519[] = {
+        0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65,
+        0x70,0x03,0x21,0x00,0xd7,0x5a,0x98,0x01,
+        0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
+        0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,
+        0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,
+        0xf7,0x07,0x51,0x1a,
+        0x00 /* add an additional byte to make the pubkey appear bigger */
+    };
     static byte privPubEd25519[] = {
         0x30,0x52,0x02,0x01,0x00,0x30,0x05,0x06,
         0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
@@ -26167,6 +26178,13 @@ WOLFSSL_TEST_SUBROUTINE int ed25519_test(void)
                 != BAD_FUNC_ARG)
         return -11131;
 
+
+    /* try with a buffer size that is too large */
+    idx = 0;
+    if (wc_Ed25519PublicKeyDecode(badPublicEd25519, &idx, &key3,
+                                  sizeof(badPublicEd25519)) == 0)
+        return -11140;
+
     idx = 0;
     if (wc_Ed25519PublicKeyDecode(publicEd25519, &idx, &key3,
                                   sizeof(publicEd25519)) != 0)