2 files changed, 14 insertions, 3 deletions

diff --git a/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c b/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c
index 142ef95..cb93e8f 100644
--- a/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c
+++ b/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c
@@ -79,8 +79,8 @@ static int _new_element(ltc_asn1_list **l)
 */
 int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc_asn1_list **out)
 {
-   ltc_asn1_list *l;
-   unsigned long err, type, len, totlen, data_offset;
+   ltc_asn1_list *l, *t;
+   unsigned long err, type, len, totlen, data_offset, len_len;
    void          *realloc_tmp;
 
    LTC_ARGCHK(in    != NULL);
@@ -407,6 +407,17 @@ int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc
                 l->child->parent = l;
              }
 
+             t = l;
+             len_len = 0;
+             while((t != NULL) && (t->child != NULL)) {
+                len_len++;
+                t = t->child;
+             }
+             if (len_len > LTC_DER_MAX_RECURSION) {
+                err = CRYPT_ERROR;
+                goto error;
+             }
+
              break;
 
          case 0x80: /* Context-specific */
diff --git a/libtomcrypt/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c b/libtomcrypt/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c
index 6826181..d2d0811 100644
--- a/libtomcrypt/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c
+++ b/libtomcrypt/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c
@@ -80,7 +80,7 @@ int der_decode_subject_public_key_info(const unsigned char *in, unsigned long in
    }
 
    if ((alg_id[0].size != oid.OIDlen) ||
-        XMEMCMP(oid.OID, alg_id[0].data, oid.OIDlen * sizeof(oid.OID[0]))) {
+        XMEMCMP(oid.OID, alg_id[0].data, oid.OIDlen * sizeof(oid.OID[0])) != 0) {
         /* OID mismatch */
         err = CRYPT_PK_INVALID_TYPE;
         goto LBL_ERR;