From 9cb7b201a4595bbec6493b81340f5d25699a9d57 Mon Sep 17 00:00:00 2001
From: "Jacques A. Vidrine"
Date: Tue, 3 Sep 2002 16:21:49 +0000
Subject: [PATCH] Check for truncated integers: the encoded length may be greater than the data buffer.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11339 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/asn1/der_get.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/asn1/der_get.c b/lib/asn1/der_get.c
index 45415c6c4..99b8e782d 100644
--- a/lib/asn1/der_get.c
+++ b/lib/asn1/der_get.c
@@ -252,6 +252,8 @@ decode_integer (const unsigned char *p, size_t len,
 p += l;
 len -= l;
 ret += l;
+ if (reallen > len)
+ return ASN1_OVERRUN;
 e = der_get_int (p, reallen, num, &l);
 if (e) return e;
 p += l;
@@ -279,6 +281,8 @@ decode_unsigned (const unsigned char *p, size_t len,
 p += l;
 len -= l;
 ret += l;
+ if (reallen > len)
+ return ASN1_OVERRUN;
 e = der_get_unsigned (p, reallen, num, &l);
 if (e) return e;
 p += l;
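Review bot: The new `reallen > len` guard in decode_integer, and the identical one in decode_unsigned, bounds the encoded length only by the bytes left in the buffer. A `reallen` of zero, or one wider than the integer that `num` points to, still reaches `der_get_int` / `der_get_unsigned`. Those helpers are outside the hunks, so this may already be handled there; if it is not, the same spot is the natural place to reject such lengths before the call. The check would also benefit from a comment saying why it exists, for example `/* reallen is taken from the encoding and is untrusted; never read past the caller's buffer */`. Both function bodies start and end outside the hunks shown.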