Fix CRL Number hex string buffer overflow in CRL parser

Author: miyazakh

certs/crl/extra-crls/large_crlnum.pem

@@ -0,0 +1,43 @@
+Certificate Revocation List (CRL):
+        Version 2 (0x1)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com, emailAddress=info@wolfssl.com
+        Last Update: Jan  8 07:15:25 2026 GMT
+        Next Update: Oct  4 07:15:25 2028 GMT
+        CRL extensions:
+            X509v3 CRL Number: 
+                0xD8AFADA7F08B38E6178BD0E5CD7B0DF80071BA74
+Revoked Certificates:
+    Serial Number: 01
+        Revocation Date: Jan  8 07:15:25 2026 GMT
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        0c:45:a0:2e:ba:ad:28:48:eb:61:29:a6:fa:d0:76:8c:96:bb:
+        1a:9a:79:90:05:06:78:8e:d2:f6:4d:6d:4c:75:62:d2:b2:91:
+        f8:e4:59:a9:db:6f:e6:58:fe:f9:2e:7a:67:a7:01:a3:68:ee:
+        b1:23:a6:25:2a:85:84:3d:bf:86:bf:6d:d5:a6:2d:03:8e:d1:
+        ac:0f:73:4c:47:ea:fb:75:2e:85:1f:dc:fa:5e:b2:eb:d1:f4:
+        75:e9:ae:a9:90:6e:ec:c9:05:db:61:39:30:a8:4e:c3:d2:ce:
+        77:2d:ba:bf:fd:74:dc:c6:41:db:65:c4:83:66:9c:91:60:43:
+        57:a3:52:bb:9c:b7:fa:30:d3:01:89:7f:5e:c8:06:0a:34:1b:
+        77:ce:e8:b4:85:c5:6e:63:50:f3:88:cc:e3:54:7b:29:5c:08:
+        4a:7b:35:b4:3f:01:2e:c5:93:4f:7c:7a:17:bf:0d:bd:be:3e:
+        a9:1b:ef:a0:9c:bc:78:9e:91:99:91:e7:38:63:f1:24:86:02:
+        63:81:cb:67:3a:f7:3c:5c:45:87:54:f4:9a:16:25:a2:e5:bd:
+        ee:7e:9a:28:c0:db:4e:bc:4a:0d:c2:5f:14:ea:9c:8a:42:db:
+        d2:1d:27:b8:d2:3c:57:4a:bf:46:4a:95:ac:7f:f4:47:22:dd:
+        d5:dc:52:3f
+-----BEGIN X509 CRL-----
+MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
+aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
+MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNjAxMDgwNzE1MjVa
+Fw0yODEwMDQwNzE1MjVaMBQwEgIBARcNMjYwMTA4MDcxNTI1WqAiMCAwHgYDVR0U
+BBcCFQDYr62n8Is45heL0OXNew34AHG6dDANBgkqhkiG9w0BAQsFAAOCAQEADEWg
+LrqtKEjrYSmm+tB2jJa7Gpp5kAUGeI7S9k1tTHVi0rKR+ORZqdtv5lj++S56Z6cB
+o2jusSOmJSqFhD2/hr9t1aYtA47RrA9zTEfq+3UuhR/c+l6y69H0demuqZBu7MkF
+22E5MKhOw9LOdy26v/103MZB22XEg2ackWBDV6NSu5y3+jDTAYl/XsgGCjQbd87o
+tIXFbmNQ84jM41R7KVwISns1tD8BLsWTT3x6F78Nvb4+qRvvoJy8eJ6RmZHnOGPx
+JIYCY4HLZzr3PFxFh1T0mhYlouW97n6aKMDbTrxKDcJfFOqcikLb0h0nuNI8V0q/
+RkqVrH/0RyLd1dxSPw==
+-----END X509 CRL-----

certs/crl/extra-crls/large_crlnum2.pem

@@ -0,0 +1,43 @@
+Certificate Revocation List (CRL):
+        Version 2 (0x1)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com, emailAddress=info@wolfssl.com
+        Last Update: Jan  8 07:15:25 2026 GMT
+        Next Update: Oct  4 07:15:25 2028 GMT
+        CRL extensions:
+            X509v3 CRL Number: 
+                0x8BC28C3B3F7A6344CD464A9FDC837F2009DEB94FD3
+Revoked Certificates:
+    Serial Number: 01
+        Revocation Date: Jan  8 07:15:25 2026 GMT
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        47:71:aa:8d:29:11:90:57:c9:70:78:a5:de:40:ee:c3:da:81:
+        68:d0:20:09:af:5b:5f:30:f9:69:14:ff:8a:cf:46:0d:e8:0d:
+        45:df:1d:49:ce:05:01:28:a5:34:50:b6:cb:54:9d:a1:42:6c:
+        f6:e2:66:de:be:e4:90:55:c1:83:e5:4c:26:96:43:29:39:84:
+        ad:68:3c:0d:5a:d4:e7:ba:7c:21:e9:a1:c2:0c:ad:6f:0c:32:
+        71:81:9f:df:7d:c3:0d:92:a4:6f:43:9f:8f:b7:ef:2d:6d:92:
+        a6:17:cb:c7:4c:2e:3b:a5:2b:2c:74:fa:d1:be:6d:dc:19:04:
+        d6:b6:56:6c:26:94:8e:13:15:29:12:fe:1a:a4:73:55:df:a5:
+        c8:d3:d5:99:4a:c6:be:64:1f:90:a9:d8:94:d1:3b:b1:0e:ff:
+        e4:81:d0:e5:a4:8a:a7:a9:82:fb:a6:86:be:e7:e1:a8:b5:0d:
+        87:bb:76:5b:0e:05:1f:d4:82:3c:68:99:ec:ae:ae:8e:4a:72:
+        cf:3f:8a:7f:b0:a2:69:d9:8c:68:7d:2f:3e:54:e9:fb:70:cf:
+        d4:ed:1b:61:68:33:4f:93:9b:5f:5e:e9:de:e8:51:66:fd:c8:
+        35:40:a0:7d:42:bd:d7:f4:96:cd:c8:72:14:84:cd:f5:19:8c:
+        a0:5a:b7:72
+-----BEGIN X509 CRL-----
+MIICGjCCAQICAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
+aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
+MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNjAxMDgwNzE1MjVa
+Fw0yODEwMDQwNzE1MjVaMBQwEgIBARcNMjYwMTA4MDcxNTI1WqAjMCEwHwYDVR0U
+BBgCFgCLwow7P3pjRM1GSp/cg38gCd65T9MwDQYJKoZIhvcNAQELBQADggEBAEdx
+qo0pEZBXyXB4pd5A7sPagWjQIAmvW18w+WkU/4rPRg3oDUXfHUnOBQEopTRQtstU
+naFCbPbiZt6+5JBVwYPlTCaWQyk5hK1oPA1a1Oe6fCHpocIMrW8MMnGBn999ww2S
+pG9Dn4+37y1tkqYXy8dMLjulKyx0+tG+bdwZBNa2VmwmlI4TFSkS/hqkc1XfpcjT
+1ZlKxr5kH5Cp2JTRO7EO/+SB0OWkiqepgvumhr7n4ai1DYe7dlsOBR/Ugjxomeyu
+ro5Kcs8/in+womnZjGh9Lz5U6ftwz9TtG2FoM0+Tm19e6d7oUWb9yDVAoH1Cvdf0
+ls3IchSEzfUZjKBat3I=
+-----END X509 CRL-----

certs/crl/gencrls.sh

@@ -219,4 +219,26 @@ openssl crl -in crl_rsapss.pem -text > tmp
 check_result $?
 mv tmp crl_rsapss.pem
 
+echo "Step 29 large CRL number( = 20 octets )"
+echo d8afada7f08b38e6178bd0e5cd7b0df80071ba74 > crlnumber
+openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out extra-crls/large_crlnum.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
+check_result $?
+
+# metadata
+echo "Step 29"
+openssl crl -in extra-crls/large_crlnum.pem -text > tmp
+check_result $?
+mv tmp extra-crls/large_crlnum.pem
+
+echo "Step 30 large CRL number( > 20 octets )"
+echo 8bc28c3b3f7a6344cd464a9fdc837f2009deb94fd3 > crlnumber
+openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out extra-crls/large_crlnum2.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
+check_result $?
+
+# metadata
+echo "Step 30"
+openssl crl -in extra-crls/large_crlnum2.pem -text > tmp
+check_result $?
+mv tmp extra-crls/large_crlnum2.pem
+
 exit 0

src/crl.c

@@ -138,7 +138,7 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
     crle->totalCerts = dcrl->totalCerts;
     crle->crlNumberSet = dcrl->crlNumberSet;
     if (crle->crlNumberSet) {
-        XMEMCPY(crle->crlNumber, dcrl->crlNumber, CRL_MAX_NUM_SZ);
+        XMEMCPY(crle->crlNumber, dcrl->crlNumber, CRL_MAX_NUM_HEX_STR_SZ);
     }
     crle->verified = verified;
     if (!verified) {
@@ -597,7 +597,7 @@ static void SetCrlInfo(CRL_Entry* entry, CrlInfo *info)
     info->nextDateFormat = entry->nextDateFormat;
     info->crlNumberSet = entry->crlNumberSet;
     if (info->crlNumberSet)
-        XMEMCPY(info->crlNumber, entry->crlNumber, CRL_MAX_NUM_SZ);
+        XMEMCPY(info->crlNumber, entry->crlNumber, CRL_MAX_NUM_HEX_STR_SZ);
 }
 
 static void SetCrlInfoFromDecoded(DecodedCRL* entry, CrlInfo *info)
@@ -612,7 +612,7 @@ static void SetCrlInfoFromDecoded(DecodedCRL* entry, CrlInfo *info)
     info->nextDateFormat = entry->nextDateFormat;
     info->crlNumberSet = entry->crlNumberSet;
     if (info->crlNumberSet)
-        XMEMCPY(info->crlNumber, entry->crlNumber, CRL_MAX_NUM_SZ);
+        XMEMCPY(info->crlNumber, entry->crlNumber, CRL_MAX_NUM_HEX_STR_SZ);
 }
 #endif
 

tests/api.c

@@ -31518,6 +31518,58 @@ static int test_wolfSSL_CTX_LoadCRL(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_CTX_LoadCRL_largeCRLnum(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CRL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \
+    defined(HAVE_CRL_UPDATE_CB)
+    WOLFSSL_CERT_MANAGER* cm = NULL;
+    const char* caCert     =  "./certs/ca-cert.pem";
+    const char* crl_lrgcrlnum = "./certs/crl/extra-crls/large_crlnum.pem";
+    const char* crl_lrgcrlnum2 = "./certs/crl/extra-crls/large_crlnum2.pem";
+    const char* exp_crlnum = "D8AFADA7F08B38E6178BD0E5CD7B0DF80071BA74";
+    byte *crlLrgCrlNumBuff = NULL;
+    word32  crlLrgCrlNumSz;
+    CrlInfo crlInfo;
+    XFILE f;
+    word32 sz;
+
+    cm = wolfSSL_CertManagerNew();
+    ExpectNotNull(cm);
+    ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, caCert, NULL),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, crl_lrgcrlnum,
+                                                WOLFSSL_FILETYPE_PEM),
+        WOLFSSL_SUCCESS);
+
+    AssertTrue((f = XFOPEN(crl_lrgcrlnum, "rb")) != XBADFILE);
+    AssertTrue(XFSEEK(f, 0, XSEEK_END) == 0);
+    AssertIntGE(sz = (word32) XFTELL(f), 1);
+    AssertTrue(XFSEEK(f, 0, XSEEK_SET) == 0);
+    AssertTrue( \
+        (crlLrgCrlNumBuff =
+            (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)) != NULL);
+    AssertTrue(XFREAD(crlLrgCrlNumBuff, 1, sz, f) == sz);
+    XFCLOSE(f);
+    crlLrgCrlNumSz = sz;
+
+    AssertIntEQ(wolfSSL_CertManagerGetCRLInfo(
+        cm, &crlInfo, crlLrgCrlNumBuff, crlLrgCrlNumSz, WOLFSSL_FILETYPE_PEM),
+        WOLFSSL_SUCCESS);
+    AssertIntEQ(XMEMCMP(
+        crlInfo.crlNumber, exp_crlnum, XSTRLEN(exp_crlnum)), 0);
+    /* Expect to fail loading CRL because of >21 octets CRL number */
+    ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, crl_lrgcrlnum2,
+                                                WOLFSSL_FILETYPE_PEM),
+        ASN_PARSE_E);
+
+    XFREE(crlLrgCrlNumBuff, NULL, DYNAMIC_TYPE_FILE);
+    wolfSSL_CertManagerFree(cm);
+#endif
+    return EXPECT_RESULT();
+
+}
+
 #if defined(HAVE_CRL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \
     defined(HAVE_CRL_UPDATE_CB)
 int crlUpdateTestStatus = 0;
@@ -31575,7 +31627,7 @@ static void updateCrlCb(CrlInfo* old, CrlInfo* cnew)
     AssertIntEQ(crl1Info.nextDateMaxLen, old->nextDateMaxLen);
     AssertIntEQ(crl1Info.nextDateFormat, old->nextDateFormat);
     AssertIntEQ(XMEMCMP(
-        crl1Info.crlNumber, old->crlNumber, CRL_MAX_NUM_SZ), 0);
+        crl1Info.crlNumber, old->crlNumber, CRL_MAX_NUM_HEX_STR_SZ), 0);
     AssertIntEQ(XMEMCMP(
         crl1Info.issuerHash, old->issuerHash, old->issuerHashLen), 0);
     AssertIntEQ(XMEMCMP(
@@ -31590,7 +31642,7 @@ static void updateCrlCb(CrlInfo* old, CrlInfo* cnew)
     AssertIntEQ(crlRevInfo.nextDateMaxLen, cnew->nextDateMaxLen);
     AssertIntEQ(crlRevInfo.nextDateFormat, cnew->nextDateFormat);
     AssertIntEQ(XMEMCMP(
-        crlRevInfo.crlNumber, cnew->crlNumber, CRL_MAX_NUM_SZ), 0);
+        crlRevInfo.crlNumber, cnew->crlNumber, CRL_MAX_NUM_HEX_STR_SZ), 0);
     AssertIntEQ(XMEMCMP(
         crlRevInfo.issuerHash, cnew->issuerHash, cnew->issuerHashLen), 0);
     AssertIntEQ(XMEMCMP(
@@ -42089,6 +42141,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_use_certificate_chain_file),
     TEST_DECL(test_wolfSSL_CTX_trust_peer_cert),
     TEST_DECL(test_wolfSSL_CTX_LoadCRL),
+    TEST_DECL(test_wolfSSL_CTX_LoadCRL_largeCRLnum),
     TEST_DECL(test_wolfSSL_crl_update_cb),
     TEST_DECL(test_wolfSSL_CTX_SetTmpDH_file),
     TEST_DECL(test_wolfSSL_CTX_SetTmpDH_buffer),

wolfcrypt/src/asn.c

@@ -40748,6 +40748,7 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf,
         word32* inOutIdx, word32 sz)
 {
     int length;
+    int needed;
     word32 idx;
     word32 ext_bound; /* boundary index for the sequence of extensions */
     word32 oid;
@@ -40853,7 +40854,24 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf,
 
                     if (ret != MP_OKAY)
                         ret = BUFFER_E;
-
+                    /* Check CRL number size
+                     * if it exceeds CRL_MAX_NUM_SZ(octets)
+                     */
+                    if (mp_unsigned_bin_size(m) > CRL_MAX_NUM_SZ) {
+                        WOLFSSL_MSG("CRL number exceeds limitation.");
+                        ret = BUFFER_E;
+                    }
+                    /* Determine required size for hexadecimal string encoding */
+                    if (ret == MP_OKAY &&
+                        (mp_radix_size(m, MP_RADIX_HEX, &needed) != MP_OKAY)) {
+                        WOLFSSL_MSG("mp_radix_size failure");
+                        ret = BUFFER_E;
+                    }
+                    if (ret == MP_OKAY && needed > CRL_MAX_NUM_HEX_STR_SZ) {
+                        WOLFSSL_MSG("CRL number hex string"
+                                        " exceeds buffer limitation");
+                        ret = BUFFER_E;
+                    }
                     if (ret == MP_OKAY && mp_toradix(m, (char*)dcrl->crlNumber,
                                 MP_RADIX_HEX) != MP_OKAY)
                         ret = BUFFER_E;
@@ -40891,6 +40909,7 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, word32 idx,
         word32 maxIdx)
 {
     DECL_ASNGETDATA(dataASN, certExtASN_Length);
+    int needed;
     int ret = 0;
     /* Track if we've seen these extensions already */
     word32 seenAuthKey = 0;
@@ -40970,7 +40989,24 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, word32 idx,
                     if (ret == 0) {
                         ret = GetInt(m, buf, &localIdx, maxIdx);
                     }
-
+                    /* Check CRL number size
+                     * if it exceeds CRL_MAX_NUM_SZ(octets)
+                     */
+                    if (mp_unsigned_bin_size(m) > CRL_MAX_NUM_SZ) {
+                        WOLFSSL_MSG("CRL number exceeds limitation.");
+                        ret = BUFFER_E;
+                    }
+                    /* Determine required size for hexadecimal string encoding */
+                    if (ret == MP_OKAY &&
+                        (mp_radix_size(m, MP_RADIX_HEX, &needed) != MP_OKAY)) {
+                        WOLFSSL_MSG("mp_radix_size failure");
+                        ret = BUFFER_E;
+                    }
+                    if (ret == MP_OKAY && needed > CRL_MAX_NUM_HEX_STR_SZ) {
+                        WOLFSSL_MSG("CRL number hex string"
+                                        " exceeds buffer limitation");
+                        ret = BUFFER_E;
+                    }
                     if (ret == 0 && mp_toradix(m, (char*)dcrl->crlNumber,
                                  MP_RADIX_HEX) != MP_OKAY)
                         ret = BUFFER_E;

wolfssl/internal.h

@@ -2504,7 +2504,7 @@ struct CRL_Entry {
     /* DupCRL_Entry copies data after the `verifyMutex` member. Using the mutex
      * as the marker because clang-tidy doesn't like taking the sizeof a
      * pointer. */
-    byte    crlNumber[CRL_MAX_NUM_SZ];    /* CRL number extension */
+    byte    crlNumber[CRL_MAX_NUM_HEX_STR_SZ];    /* CRL number extension */
     byte    issuerHash[CRL_DIGEST_SIZE];  /* issuer hash                 */
     /* byte    crlHash[CRL_DIGEST_SIZE];      raw crl data hash           */
     /* restore the hash here if needed for optimized comparisons */

wolfssl/ssl.h

@@ -3795,7 +3795,7 @@ typedef int  (*CbCrlIO)(WOLFSSL_CRL* crl, const char* url, int urlSz);
 
 #ifdef HAVE_CRL_UPDATE_CB
 typedef struct CrlInfo {
-    byte crlNumber[CRL_MAX_NUM_SZ];
+    byte crlNumber[CRL_MAX_NUM_HEX_STR_SZ];
     byte *issuerHash;
     word32 issuerHashLen;
     byte *lastDate;

wolfssl/wolfcrypt/asn.h

@@ -2693,6 +2693,7 @@ struct RevokedCert {
 #define CRL_MAX_NUM_SZ 20 /* RFC5280 states that CRL number can be up to 20 */
 #endif                    /* octets long */
 
+#define CRL_MAX_NUM_HEX_STR_SZ (CRL_MAX_NUM_SZ * 2 + 1)
 
 typedef struct DecodedCRL DecodedCRL;
 
@@ -2706,7 +2707,7 @@ struct DecodedCRL {
     word32  sigParamsLength;         /* length of signature parameters   */
 #endif
     byte*   signature;               /* pointer into raw source, not owned */
-    byte    crlNumber[CRL_MAX_NUM_SZ];      /* CRL number extension */
+    byte    crlNumber[CRL_MAX_NUM_HEX_STR_SZ];      /* CRL number extension */
     byte    issuerHash[SIGNER_DIGEST_SIZE]; /* issuer name hash          */
     byte    crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash            */
     byte    lastDate[MAX_DATE_SIZE]; /* last date updated  */