X-Git-Url: http://git.indexdata.com/?a=blobdiff_plain;f=odr%2Fber_len.c;h=b4fdba606396671f18741df47bc4e6e456690b3a;hb=6aa60532542a01bfe78be0c91cbf57ce7cf851ce;hp=6fd3f9b3bf41a7252e732da185bc6fb0acdb487b;hpb=569f86b4615c2731727be2a0ff898d36f9725819;p=yaz-moved-to-github.git

diff --git a/odr/ber_len.c b/odr/ber_len.c
index 6fd3f9b..b4fdba6 100644
--- a/odr/ber_len.c
+++ b/odr/ber_len.c
@@ -1,9 +1,9 @@
 /*
- * Copyright (C) 1995-2002, Index Data.
+ * Copyright (C) 1995-2003, Index Data.
  * See the file LICENSE for details.
  * Sebastian Hammer, Adam Dickmeiss
  *
- * $Id: ber_len.c,v 1.10 2002-07-25 12:51:08 adam Exp $
+ * $Id: ber_len.c,v 1.12 2003-03-11 11:03:31 adam Exp $
  */
 #if HAVE_CONFIG_H
 #include <config.h>
@@ -84,11 +84,13 @@ int ber_enclen(ODR o, int len, int lenlen, int exact)
  * len = -1   indefinite.
  * len >= 0    Length.
  */
-int ber_declen(const unsigned char *buf, int *len)
+int ber_declen(const unsigned char *buf, int *len, int max)
 {
     const unsigned char *b = buf;
     int n;
 
+    if (max < 1)
+        return -1;
     if (*b == 0X80)     /* Indefinite */
     {
     	*len = -1;
@@ -109,13 +111,17 @@ int ber_declen(const unsigned char *buf, int *len)
 	return -1;
     /* indefinite long form */ 
     n = *b & 0X7F;
+    if (n >= max)
+        return -1;
     *len = 0;
     b++;
-    while (n--)
+    while (--n >= 0)
     {
     	*len <<= 8;
     	*len |= *(b++);
     }
+    if (*len < 0)
+        return -1;
 #ifdef ODR_DEBUG
     fprintf(stderr, "[len=%d]", *len);
 #endif