X-Git-Url: http://git.indexdata.com/?a=blobdiff_plain;f=odr%2Fber_len.c;h=2c7676533f8fef6e6e18a3c2bc4b5b3231fb8e67;hb=c80275992d29b4815dd25d9203e094ae2880f1ae;hp=88602bd968438887c877fe5ca9d7960740bd3695;hpb=4d531a1a9131d69c3b6c27fbac42837e22cff61c;p=yaz-moved-to-github.git

diff --git a/odr/ber_len.c b/odr/ber_len.c
index 88602bd..2c76765 100644
--- a/odr/ber_len.c
+++ b/odr/ber_len.c
@@ -3,7 +3,7 @@
  * See the file LICENSE for details.
  * Sebastian Hammer, Adam Dickmeiss
  *
- * $Id: ber_len.c,v 1.11 2003-01-06 08:20:27 adam Exp $
+ * $Id: ber_len.c,v 1.13 2003-10-20 13:44:05 adam Exp $
  */
 #if HAVE_CONFIG_H
 #include <config.h>
@@ -79,16 +79,22 @@ int ber_enclen(ODR o, int len, int lenlen, int exact)
 }
 
 /*
- * Decode BER length octets. Returns number of bytes read or -1 for error.
+ * Decode BER length octets. Returns 
+ *  > 0  : number of bytes read 
+ *   -1  : not enough room to read bytes within max bytes
+ *   -2  : other error
+ *
  * After return:
- * len = -1   indefinite.
- * len >= 0    Length.
+ * len = -1   indefinite length.
+ * len >= 0   definite length
  */
-int ber_declen(const unsigned char *buf, int *len)
+int ber_declen(const unsigned char *buf, int *len, int max)
 {
     const unsigned char *b = buf;
     int n;
 
+    if (max < 1)
+        return -1;
     if (*b == 0X80)     /* Indefinite */
     {
     	*len = -1;
@@ -106,16 +112,20 @@ int ber_declen(const unsigned char *buf, int *len)
     	return 1;
     }
     if (*b == 0XFF)     /* reserved value */
-	return -1;
+	return -2;
     /* indefinite long form */ 
     n = *b & 0X7F;
+    if (n >= max)
+        return -1;
     *len = 0;
     b++;
-    while (n--)
+    while (--n >= 0)
     {
     	*len <<= 8;
     	*len |= *(b++);
     }
+    if (*len < 0)
+        return -2;
 #ifdef ODR_DEBUG
     fprintf(stderr, "[len=%d]", *len);
 #endif