
[meta-networking,whinlatter,19/24] wolfssl: patch CVE-2026-5188

Message ID 20260430114649.4184890-19-ankur.tyagi85@gmail.com
State Under Review
Delegated to: Anuj Mittal
Series [meta-oe,whinlatter,1/24] libgpiod: update to v2.2.3 | expand

Commit Message

Ankur Tyagi April 30, 2026, 11:46 a.m. UTC
From: Ankur Tyagi <ankur.tyagi85@gmail.com>

Backport the commit from the PR [1] referenced in the NVD entry [2].

[1]https://github.com/wolfSSL/wolfssl/pull/10024
[2]https://nvd.nist.gov/vuln/detail/CVE-2026-5188

Dropped unit test changes during the backport.
---
 .../wolfssl/files/CVE-2026-5188.patch         | 101 ++++++++++++++++++
 .../wolfssl/wolfssl_5.8.0.bb                  |   1 +
 2 files changed, 102 insertions(+)
 create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5188.patch

Patch

diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5188.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5188.patch
new file mode 100644
index 0000000000..3c4de09188
--- /dev/null
+++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5188.patch
@@ -0,0 +1,101 @@ 
+From 928e64ee08438203cc966d122bb9736361bd6fc7 Mon Sep 17 00:00:00 2001
+From: Eric Blankenhorn <eric@wolfssl.com>
+Date: Fri, 20 Mar 2026 08:16:47 -0500
+Subject: [PATCH] Fix DecodeAltNames length check
+
+(cherry picked from commit 6446bb21155e80a41538d1f815a6cf5a5a0cc0f8)
+
+CVE: CVE-2026-5188
+Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/6446bb21155e80a41538d1f815a6cf5a5a0cc0f8]
+
+Dropped unit test changes during the backport.
+
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ wolfcrypt/src/asn.c | 24 ++++++++++++++++++++++++
+ 1 file changed, 24 insertions(+)
+
+diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
+index af74678c5..b00568534 100644
+--- a/wolfcrypt/src/asn.c
++++ b/wolfcrypt/src/asn.c
+@@ -19769,6 +19769,9 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
+ 
+             AddAltName(cert, dnsEntry);
+ 
++            if (strLen > length) {
++                return ASN_PARSE_E;
++            }
+             length -= strLen;
+             idx    += (word32)strLen;
+         }
+@@ -19810,6 +19813,9 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
+             dirEntry->next = cert->altDirNames;
+             cert->altDirNames = dirEntry;
+ 
++            if (strLen > length) {
++                return ASN_PARSE_E;
++            }
+             length -= strLen;
+             idx    += (word32)strLen;
+         }
+@@ -19845,6 +19851,9 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
+             emailEntry->next = cert->altEmailNames;
+             cert->altEmailNames = emailEntry;
+ 
++            if (strLen > length) {
++                return ASN_PARSE_E;
++            }
+             length -= strLen;
+             idx    += (word32)strLen;
+         }
+@@ -19924,6 +19933,9 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
+ 
+             AddAltName(cert, uriEntry);
+ 
++            if (strLen > length) {
++                return ASN_PARSE_E;
++            }
+             length -= strLen;
+             idx    += (word32)strLen;
+         }
+@@ -19970,6 +19982,9 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
+             }
+             AddAltName(cert, ipAddr);
+ 
++            if (strLen > length) {
++                return ASN_PARSE_E;
++            }
+             length -= strLen;
+             idx    += (word32)strLen;
+         }
+@@ -20018,6 +20033,9 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
+ 
+             AddAltName(cert, rid);
+ 
++            if (strLen > length) {
++                return ASN_PARSE_E;
++            }
+             length -= strLen;
+             idx    += (word32)strLen;
+         }
+@@ -20035,6 +20053,9 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
+                 return ASN_PARSE_E;
+             }
+             /* Consume the rest of this sequence. */
++            if ((int)((word32)strLen + idx - lenStartIdx) > length) {
++                return ASN_PARSE_E;
++            }
+             length -= (int)(((word32)strLen + idx - lenStartIdx));
+ 
+             if (GetObjectId(input, &idx, &oid, oidCertAltNameType, sz) < 0) {
+@@ -20087,6 +20108,9 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
+                 WOLFSSL_MSG("\tfail: unsupported name length");
+                 return ASN_PARSE_E;
+             }
++            if ((int)((word32)strLen + idx - lenStartIdx) > length) {
++                return ASN_PARSE_E;
++            }
+             length -= (int)((word32)strLen + idx - lenStartIdx);
+             idx += (word32)strLen;
+         }
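Review bot: In the first six asn.c hunks the new `if (strLen > length) { return ASN_PARSE_E; }` runs only after the entry has already been linked into the certificate (`AddAltName(cert, dnsEntry)`, `cert->altDirNames = dirEntry`, `cert->altEmailNames = emailEntry`, and so on). An over-long name is therefore rejected only after it was built, presumably from bytes beyond the extension's remaining `length`; the construction code lies outside the hunks, so this should be confirmed against the 5.8.0 source. Keeping upstream's placement is reasonable for a backport, but please check that every caller of DecodeAltNames frees the DecodedCert on ASN_PARSE_E, so the already-linked entry is neither leaked nor consulted. In the last two hunks the guard compares `(int)((word32)strLen + idx - lenStartIdx)` with `length`; if that sum could exceed INT_MAX the cast would turn negative and pass the check, so it is worth verifying that the earlier length decode bounds `strLen` by `sz`. Because the unit-test changes were dropped, a short comment in the patch header saying how the fix was validated on this branch would help later maintainers.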
diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb
index 671bae1e59..0567105cab 100644
--- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb
+++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb
@@ -29,6 +29,7 @@  SRC_URI = " \
     file://CVE-2025-7394-6.patch \
     file://CVE-2026-1005.patch \
     file://CVE-2026-3580.patch \
+    file://CVE-2026-5188.patch \
 "
 
 SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285"