hoist "set length" to before calling any decode function

diff --git a/src/protocols/der/decode.c b/src/protocols/der/decode.c
index c6c824f0b609e1dd56c28bbfd24f59bdc46ad546..9d964f64a69ecc16c22afb873135a063da425137 100644 (file)
--- a/src/protocols/der/decode.c
+++ b/src/protocols/der/decode.c
@@ -2584,6 +2584,11 @@ static ssize_t fr_der_decode_pair_dbuff(TALLOC_CTX *ctx, fr_pair_list_t *out, fr
                return -1;
        }
 
+       /*
+        *      Limit the length of the data to be decoded.
+        */
+       fr_dbuff_set_end(&our_in, fr_dbuff_current(&our_in) + len);
+
        if (flags->is_extensions) {
                slen = fr_der_decode_x509_extensions(ctx, out, &our_in, parent, decode_ctx);
                if (slen <= 0) return slen;
@@ -2594,6 +2599,7 @@ static ssize_t fr_der_decode_pair_dbuff(TALLOC_CTX *ctx, fr_pair_list_t *out, fr
        func = &type_funcs[parent->type];
        if (!func->decode) func = &tag_funcs[tag];
        fr_assert(func != NULL);
+       fr_assert(func->decode != NULL);
 
        /*
         *      Enforce limits on min/max.
@@ -2648,13 +2654,6 @@ static ssize_t fr_der_decode_pair_dbuff(TALLOC_CTX *ctx, fr_pair_list_t *out, fr
                break;
        }
 
-       /*
-        *      Limit the length of the data to be decoded.
-        */
-       fr_dbuff_set_end(&our_in, fr_dbuff_current(&our_in) + len);
-
-       fr_assert(func->decode != NULL);
-
        /*
         *      The decode function can return 0 if len==0.  This is true for 'null' data types, and
         *      for variable-sized types such as strings.