1 files changed, 7 insertions, 4 deletions
diff --git a/src/lib/libcrypto/asn1/asn1_lib.c b/src/lib/libcrypto/asn1/asn1_lib.c
index 830ff2af3c..422685a3b4 100644
--- a/src/lib/libcrypto/asn1/asn1_lib.c
+++ b/src/lib/libcrypto/asn1/asn1_lib.c
@@ -59,6 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
 static int asn1_get_length(unsigned char **pp,int *inf,long *rl,int max);
 static void asn1_put_length(unsigned char **pp, int length);
@@ -123,15 +124,13 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
                (int)(omax+ *pp));
 #endif
-#if 0
+        if (*plength > (omax - (*pp - p)))
-        if ((p+ *plength) > (omax+ *pp))
                {
                ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
                /* Set this so that even if things are not long enough
                 * the values are set correctly */
                ret|=0x80;
                }
-#endif
        *pp=p;
        return(ret|inf);
 err:
@@ -158,6 +157,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
                i= *p&0x7f;
                if (*(p++) & 0x80)
                        {
+                        if (i > sizeof(long))
+                                return 0;
                        if (max-- == 0) return(0);
                        while (i-- > 0)
                                {
@@ -169,6 +170,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
                else
                        ret=i;
                }
+        if (ret < 0)
+                return 0;
        *pp=p;
        *rl=ret;
        return(1);
@@ -406,7 +409,7 @@ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
 void asn1_add_error(unsigned char *address, int offset)
        {
-        char buf1[16],buf2[16];
+        char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
        sprintf(buf1,"%lu",(unsigned long)address);
        sprintf(buf2,"%d",offset);