Merge pull request #9956 from rlm2002/coverity

20260311 Coverity changes

Author: JacobBarthelmeh

tests/quic.c

@@ -731,9 +731,13 @@ static void ext_dump(const byte *data, size_t data_len, int indent)
     word16 len16, etype, i;
 
     printf("%*sextensions:\n", indent, " ");
-    while (idx < data_len) {
+    while (idx + 4 <= data_len) {
         ato16(&data[idx], &etype); /* extension type */
         ato16(&data[idx+2], &len16); /* extension length */
+        if (idx + 4 + len16 > data_len) {
+            printf("  unexpected extension length\n");
+            break;
+        }
         printf("  extension: %04x [", etype);
         for (i = 0; i < len16; ++i) {
             printf("%s0x%02x", (i? ", ": ""), data[idx+4+i]);

wolfcrypt/src/asn.c

@@ -12932,15 +12932,16 @@ static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32* inLen,
     seqSz = SetSequence(verSz + intTotalLen, seq);
 
     outLen = seqSz + verSz + intTotalLen;
-    *inLen = outLen;
     if (output == NULL) {
+        *inLen = outLen;
         FreeTmpDsas(tmps, key->heap, ints);
         return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if (outLen > *inLen) {
         FreeTmpDsas(tmps, key->heap, ints);
         return BAD_FUNC_ARG;
     }
+    *inLen = outLen;
 
     /* write to output */
     XMEMCPY(output, seq, seqSz);
@@ -18024,6 +18025,10 @@ static word32 SetAlgoIDImpl(int algoOID, byte* output, int type, int curveSz,
     word32 algoSz = 0;
 
     CALLOC_ASNSETDATA(dataASN, algoIdASN_Length, ret, NULL);
+    if(ret < 0) {
+        /* Catch MEMORY_E */
+        return 0;
+    }
 
     algoName = OidFromId((word32)algoOID, (word32)type, &algoSz);
     if (algoName == NULL) {
@@ -43470,7 +43475,7 @@ int wc_MakeCRL_ex(const byte* issuerDer, word32 issuerSz,
 
     /* Signature AlgorithmIdentifier */
     algoSz = SetAlgoID(sigType, algoBuf, oidSigType, 0);
-    if (algoSz == 0)
+    if (algoSz == 0 || algoSz > MAX_ALGO_SZ)
         return ALGO_ID_E;
 
     /* thisUpdate */