Address code review

julek-wolfssl · julek-wolfssl · commit 5a4c63423bad · 2026-03-11T12:28:11.000+01:00
diff --git a/examples/ocsp_responder/ocsp_responder.c b/examples/ocsp_responder/ocsp_responder.c
@@ -571,9 +571,8 @@ static int ParseHttpRequest(const byte* httpReq, int httpReqSz,
                 return -1;
             }
 
-            /* Use Content-Length if available, otherwise use remaining data */
             if (*bodySz == 0) {
-                *bodySz = httpReqSz - offset;
+                return -1;
             }
 
             /* Ensure that the claimed body length fits in the received data */
@@ -1082,6 +1081,9 @@ int main(int argc, char** argv)
     func_args args;
     int ret;
 
+    printf("The ocsp_responder.c example is only meant for testing. "
+            "Do not use this in a production environment.\n");
+
     StartTCP();
 
 #ifdef HAVE_WNR
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
@@ -41673,7 +41673,7 @@ int DecodeOcspRequest(OcspRequest* req, const byte* input, word32 size)
     if (ret == 0) {
         GetASN_GetRef(&dataASN[OCSPREQUESTASN_IDX_TBS_REQ_SERIAL],
                 &serial, &serialSz);
-        if (serialSz == 0 || serial == NULL)
+        if (serialSz == 0 || serial == NULL || serialSz > EXTERNAL_SERIAL_SIZE)
             ret = ASN_PARSE_E;
     }
     if (ret == 0) {

Original file line number	Diff line number	Diff line change
`@@ -41673,7 +41673,7 @@ int DecodeOcspRequest(OcspRequest* req, const byte* input, word32 size)`
`41673`	`41673`	`if (ret == 0) {`
`41674`	`41674`	`GetASN_GetRef(&dataASN[OCSPREQUESTASN_IDX_TBS_REQ_SERIAL],`
`41675`	`41675`	`&serial, &serialSz);`
`41676`		`- if (serialSz == 0 \|\| serial == NULL)`
	`41676`	`+ if (serialSz == 0 \|\| serial == NULL \|\| serialSz > EXTERNAL_SERIAL_SIZE)`
`41677`	`41677`	`ret = ASN_PARSE_E;`
`41678`	`41678`	`}`
`41679`	`41679`	`if (ret == 0) {`