From 4c261911fa1cf7eec78263e42e6aa4064f96fc2d Mon Sep 17 00:00:00 2001
From: Nicolas Williams
Date: Fri, 5 Mar 2021 15:52:30 -0600
Subject: [PATCH] asn1: Fix alignment issue in templating open types

And a stray ^a increment of a 0 into a 1.

Found with AFL.
---
 lib/asn1/template.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/lib/asn1/template.c b/lib/asn1/template.c
index 577988e7f..a9f8f4938 100644
--- a/lib/asn1/template.c
+++ b/lib/asn1/template.c
@@ -1301,8 +1301,12 @@ _asn1_encode_open_type(const struct asn1_template *t,
     } else {
         struct heim_base_data **os = DPO(data, topentype->offset + sizeof(len));
 
+        while (sizeof(void *) != sizeof(unsigned int) &&
+               ((uintptr_t)os) % sizeof(void *) != 0)
+            os = (void *)(((char *)os) + sizeof(unsigned int));
+
         lenp = DPO(data, topentype->offset);
-        if (*lenp == len && os[0]->length && os[1]->data)
+        if (*lenp == len && os[0]->length && os[0]->data)
             return 0;
     }
 
@@ -1883,8 +1887,12 @@ _asn1_length_open_type(const struct asn1_template *tbase,
     } else {
         struct heim_base_data **os = DPO(data, topentype->offset + sizeof(len));
 
+        while (sizeof(void *) != sizeof(unsigned int) &&
+               ((uintptr_t)os) % sizeof(void *) != 0)
+            os = (void *)(((char *)os) + sizeof(unsigned int));
+
         lenp = DPOC(data, topentype->offset);
-        if (*lenp == len && os[0]->length && os[1]->data)
+        if (*lenp == len && os[0]->length && os[0]->data)
             return 0;
     }
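Review bot: The alignment fix-up added before `lenp = DPO(data, topentype->offset);` in the `_asn1_encode_open_type` hunk, and repeated verbatim in the `_asn1_length_open_type` hunk, hard-codes an assumption the hunk never states: that `len` is an `unsigned int` and that the padding between the length field and the pointer slot is a whole number of `sizeof(unsigned int)` steps, so the loop lands exactly on the pointer instead of overshooting it. If that assumption is ever broken (a wider length type, or a different `DPO` offset), the loop silently walks past the slot and `os[0]->length` dereferences whatever word follows — the same class of misread the `os[1]` → `os[0]` change corrects, and one that only shows up where `sizeof(void *) != sizeof(unsigned int)`. I would lift the loop into one `static` helper with a comment naming the layout it relies on, so the two call sites cannot drift apart; I also cannot see from the hunk whether `template.c` already includes `<stdint.h>` for `uintptr_t`, so that is worth confirming. Both enclosing functions start and end outside their hunks.
```c
/* Open-type payload layout assumed by the template: an unsigned int
 * length, then a pointer slot padded up to pointer alignment.  The step
 * must divide the pointer alignment, or this walks past the slot. */
static struct heim_base_data **
asn1_open_type_ptr(void *p)
{
    uintptr_t a = (uintptr_t)p;

    while (sizeof(void *) != sizeof(unsigned int) && a % sizeof(void *) != 0)
        a += sizeof(unsigned int);
    return (struct heim_base_data **)a;
}

/* … unchanged: _asn1_encode_open_type up to the else branch … */
        struct heim_base_data **os =
            asn1_open_type_ptr(DPO(data, topentype->offset + sizeof(len)));
        lenp = DPO(data, topentype->offset);
```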