From: Alan T. DeKok <aland@freeradius.org>
Date: Thu, 27 Feb 2025 16:10:19 +0000 (-0500)
Subject: hoist "set length" to before calling any decode function
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5aff20bd237ffd891638de45cdfd966e78fb3ac9;p=thirdparty%2Ffreeradius-server.git

hoist "set length" to before calling any decode function
---

diff --git a/src/protocols/der/decode.c b/src/protocols/der/decode.c
index c6c824f0b6..9d964f64a6 100644
--- a/src/protocols/der/decode.c
+++ b/src/protocols/der/decode.c
@@ -2584,6 +2584,11 @@ static ssize_t fr_der_decode_pair_dbuff(TALLOC_CTX *ctx, fr_pair_list_t *out, fr
 		return -1;
 	}
 
+	/*
+	 *	Limit the length of the data to be decoded.
+	 */
+	fr_dbuff_set_end(&our_in, fr_dbuff_current(&our_in) + len);
+
 	if (flags->is_extensions) {
 		slen = fr_der_decode_x509_extensions(ctx, out, &our_in, parent, decode_ctx);
 		if (slen <= 0) return slen;
@@ -2594,6 +2599,7 @@ static ssize_t fr_der_decode_pair_dbuff(TALLOC_CTX *ctx, fr_pair_list_t *out, fr
 	func = &type_funcs[parent->type];
 	if (!func->decode) func = &tag_funcs[tag];
 	fr_assert(func != NULL);
+	fr_assert(func->decode != NULL);
 
 	/*
 	 *	Enforce limits on min/max.
@@ -2648,13 +2654,6 @@ static ssize_t fr_der_decode_pair_dbuff(TALLOC_CTX *ctx, fr_pair_list_t *out, fr
 		break;
 	}
 
-	/*
-	 *	Limit the length of the data to be decoded.
-	 */
-	fr_dbuff_set_end(&our_in, fr_dbuff_current(&our_in) + len);
-
-	fr_assert(func->decode != NULL);
-
 	/*
 	 *	The decode function can return 0 if len==0.  This is true for 'null' data types, and
 	 *	for variable-sized types such as strings.