From f846aceee26c7f30ab83a4d7df52ddc1492039b3 Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
Date: Wed, 2 Mar 2022 17:17:17 +0100
Subject: [PATCH] Check `input` size in `DecodeNsCertType`

---
 wolfcrypt/src/asn.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index b6c8ee3cd..6dc29aaee 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -15876,13 +15876,16 @@ static int DecodeNsCertType(const byte* input, int sz, DecodedCert* cert)
     int len = 0;
 
     WOLFSSL_ENTER("DecodeNsCertType");
-    if (CheckBitString(input, &idx, &len, (word32)sz, 0, NULL) < 0) {
+
+    if (CheckBitString(input, &idx, &len, (word32)sz, 0, NULL) < 0)
         return ASN_PARSE_E;
-    }
 
     /* Don't need to worry about unused bits as CheckBitString makes sure
      * they're zero. */
-    cert->nsCertType = input[idx];
+    if (idx < (word32)sz)
+        cert->nsCertType = input[idx];
+    else
+        return ASN_PARSE_E;
 
     return 0;
 }