From 2989e9848780663b5c33829e4e3849decf3bbe31 Mon Sep 17 00:00:00 2001 From: Tesfa Mael Date: Mon, 1 Jun 2026 10:19:16 -0700 Subject: [PATCH] Fix heap out-of-bounds read in TPM2_ASN_RsaUnpadPkcsv15 When a PKCS#1 v1.5 padded buffer consists entirely of 0xFF padding bytes after the 0x00 0x01 header, with no 0x00 separator, the padding scan loop exits with idx == *sigSz. The subsequent separator check then dereferenced sig[*sigSz], reading one byte past the end of the buffer. A 3-byte input of 00 01 FF triggers the over-read. Add a bounds check (idx < *sigSz) before dereferencing the separator byte. Fixes #515. --- src/tpm2_asn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tpm2_asn.c b/src/tpm2_asn.c index 6e4ec27b..bab41b60 100644 --- a/src/tpm2_asn.c +++ b/src/tpm2_asn.c @@ -381,7 +381,7 @@ int TPM2_ASN_RsaUnpadPkcsv15(uint8_t** pSig, int* sigSz) break; idx++; } - if (sig[idx++] == 0x00) { + if (idx < *sigSz && sig[idx++] == 0x00) { rc = 0; *pSig = &sig[idx]; *sigSz -= idx;
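Review bot: the new `idx < *sigSz &&` guard in the separator check is the right fix for the one-past-the-end read, but the hunk carries no regression test for the `00 01 FF` input the commit message names; please add a unit test that feeds that 3-byte buffer (and an all-0xFF buffer with no separator) to `TPM2_ASN_RsaUnpadPkcsv15` and asserts a non-zero `rc`, since the only thing now keeping the failure from recurring is that the short-circuit skips `sig[idx++]`. Two related points from the visible lines: when the guard fails, control falls past the `if` without touching `rc`, so the correctness of the fix depends on `rc` already holding the error value at that point (not shown in the hunk context); and when the 0x00 separator is the final byte, `*sigSz -= idx` leaves `*sigSz == 0` with `*pSig` pointing at the end of the buffer, so callers must treat a zero-length result as a padding failure rather than a valid message. Nothing in the shown context enforces the minimum of eight 0xFF padding bytes that PKCS#1 v1.5 requires either; if that check lives elsewhere, a comment above the loop pointing to it would help the next reader.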