From 50cd4e0c1c538c768861b129571e0307659159b7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Wed, 27 Jun 2007 08:38:13 +0000
Subject: [PATCH] Paranoia check in buffer overun in output function.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21361 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/asn1/gen_encode.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/asn1/gen_encode.c b/lib/asn1/gen_encode.c
index cf58b9652..ff9c03629 100644
--- a/lib/asn1/gen_encode.c
+++ b/lib/asn1/gen_encode.c
@@ -292,6 +292,11 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
 		"size_t elen, totallen = 0;\n"
 		"int eret;\n");
 
+	fprintf(codefile,
+		"if ((%s)->len > UINT_MAX/sizeof(val[0]))\n"
+		"return ERANGE;\n",
+		name);
+
 	fprintf(codefile,
 		"val = malloc(sizeof(val[0]) * (%s)->len);\n"
 		"if (val == NULL && (%s)->len != 0) return ENOMEM;\n",