asn1_get_length_ber: pass the correct length to _asn1_get_indefinite_length_string

This addresses reading 1-byte past the end of data. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-01-16 17:05:01 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-01-16 17:05:22 +0100
commit: b3f7ecac48fb3b31f3340a745a4a5cfe947ecd82 (patch)
tree: 54e3f93862a0fb516949f674e2c683583d3bd0ed
parent: 6ec2a27db5dfabb98777d036f095ca4748a96e50 (diff)
download: libtasn1-b3f7ecac48fb3b31f3340a745a4a5cfe947ecd82.tar.gz
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/decoding.c b/lib/decoding.c
index 27a02b3..c2e6027 100644
--- a/lib/decoding.c
+++ b/lib/decoding.c
@@ -114,7 +114,7 @@ asn1_get_length_der (const unsigned char *der, int der_len, int *len)
       k = der[0] & 0x7F;
       punt = 1;
       if (k)
-	{			/* definite length method */
+	{ /* definite length method */
 	  ans = 0;
 	  while (punt <= k && punt < der_len)
 	    {
@@ -237,9 +237,9 @@ asn1_get_length_ber (const unsigned char *ber, int ber_len, int *len)
   long err;
 
   ret = asn1_get_length_der (ber, ber_len, len);
-  if (ret == -1)
+  if (ret == -1 && ber_len > 1)
     {				/* indefinite length method */
-      err = _asn1_get_indefinite_length_string (ber + 1, ber_len, &ret);
+      err = _asn1_get_indefinite_length_string (ber + 1, ber_len-1, &ret);
       if (err != ASN1_SUCCESS)
 	return -3;
     }
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-01-16 17:05:01 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-01-16 17:05:22 +0100
commit	b3f7ecac48fb3b31f3340a745a4a5cfe947ecd82 (patch)
tree	54e3f93862a0fb516949f674e2c683583d3bd0ed
parent	6ec2a27db5dfabb98777d036f095ca4748a96e50 (diff)
download	libtasn1-b3f7ecac48fb3b31f3340a745a4a5cfe947ecd82.tar.gz