From 0f15be4a2de113d2ee2f8852bdd2a0b2450ee767 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Tue, 19 Jul 2005 15:08:18 +0000
Subject: [PATCH] rewrite integer overflow tests w/o SIZE_T_MAX

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15662 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/asn1/der_get.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/lib/asn1/der_get.c b/lib/asn1/der_get.c
index b2a36b1ed..daa1606e5 100644
--- a/lib/asn1/der_get.c
+++ b/lib/asn1/der_get.c
@@ -137,7 +137,7 @@ der_get_general_string (const unsigned char *p, size_t len,
 {
     char *s;
 
-    if (len > SIZE_T_MAX - 1)
+    if (len > len + 1)
 	return ASN1_BAD_LENGTH;
 
     s = malloc (len + 1);
@@ -339,7 +339,7 @@ der_get_oid (const unsigned char *p, size_t len,
     if (len < 1)
 	return ASN1_OVERRUN;
 
-    if (len > SIZE_T_MAX - 1)
+    if (len > len + 1)
 	return ASN1_BAD_LENGTH;
 
     data->components = malloc((len + 1) * sizeof(*data->components));
@@ -485,7 +485,9 @@ der_get_bit_string (const unsigned char *p, size_t len,
 	return ASN1_BAD_FORMAT;
     if (len - 1 == 0 && p[0] != 0)
 	return ASN1_BAD_FORMAT;
-    if (len - 1 > SIZE_T_MAX / 8)
+    /* check if any of the three upper bits are set
+     * any of them will cause a interger overrun */
+    if ((len - 1) >> (sizeof(len) * 8 - 3))
 	return ASN1_OVERRUN;
     data->length = (len - 1) * 8;
     data->data = malloc(len - 1);