X-Git-Url: http://git.indexdata.com/?a=blobdiff_plain;f=odr%2Fber_len.c;h=b4fdba606396671f18741df47bc4e6e456690b3a;hb=b0555501e434d0f71f97ea17f282db2e795ff950;hp=88602bd968438887c877fe5ca9d7960740bd3695;hpb=4d531a1a9131d69c3b6c27fbac42837e22cff61c;p=yaz-moved-to-github.git

diff --git a/odr/ber_len.c b/odr/ber_len.c
index 88602bd..b4fdba6 100644
--- a/odr/ber_len.c
+++ b/odr/ber_len.c
@@ -3,7 +3,7 @@
  * See the file LICENSE for details.
  * Sebastian Hammer, Adam Dickmeiss
  *
- * $Id: ber_len.c,v 1.11 2003-01-06 08:20:27 adam Exp $
+ * $Id: ber_len.c,v 1.12 2003-03-11 11:03:31 adam Exp $
  */
 #if HAVE_CONFIG_H
 #include <config.h>
@@ -84,11 +84,13 @@ int ber_enclen(ODR o, int len, int lenlen, int exact)
  * len = -1   indefinite.
  * len >= 0    Length.
  */
-int ber_declen(const unsigned char *buf, int *len)
+int ber_declen(const unsigned char *buf, int *len, int max)
 {
     const unsigned char *b = buf;
     int n;
 
+    if (max < 1)
+        return -1;
     if (*b == 0X80)     /* Indefinite */
     {
     	*len = -1;
@@ -109,13 +111,17 @@ int ber_declen(const unsigned char *buf, int *len)
 	return -1;
     /* indefinite long form */ 
     n = *b & 0X7F;
+    if (n >= max)
+        return -1;
     *len = 0;
     b++;
-    while (n--)
+    while (--n >= 0)
     {
     	*len <<= 8;
     	*len |= *(b++);
     }
+    if (*len < 0)
+        return -1;
 #ifdef ODR_DEBUG
     fprintf(stderr, "[len=%d]", *len);
 #endif