Fix GetObjectId bounds in PKCS12 ContentInfo parsing

TristanInSec · TristanInSec · commit 72b26beb012c · 2026-04-15T18:27:08.000-04:00
Bound GetObjectId() by the ContentInfo SEQUENCE end (curIdx + curSz) instead of the full buffer size. This prevents the OID TLV from being parsed past the SEQUENCE boundary in the first place, complementing the post-check added in PR wolfSSL#10018. Previously, GetObjectId received (word32)size as maxIdx, allowing it to read OID data beyond the ContentInfo SEQUENCE. The post-check then caught this after the fact. With this change, GetObjectId itself rejects an OID that would exceed the SEQUENCE, so the over-read never occurs.
diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c
@@ -328,7 +328,7 @@ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input,
 
             curIdx = localIdx;
             if ((ret = GetObjectId(input, &localIdx, &oid, oidIgnoreType,
-                                                           (word32)size)) < 0) {
+                                       curIdx + (word32)curSz)) < 0) {
                 WOLFSSL_LEAVE("Get object id failed", ret);
                 freeSafe(safe, pkcs12->heap);
                 return ret;
