From 9c656f6e2decd94106283fefc395a45823b64c28 Mon Sep 17 00:00:00 2001
From: Tom Yu
Date: Tue, 31 Aug 2004 19:44:39 +0000
Subject: [PATCH] pullup to 1.2.x from trunk ticket: 2687 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-2-2-branch@16707 dc483132-0cff-0310-8789-dd5450dbe970
---
src/lib/krb5/asn.1/ChangeLog | 2 ++
src/lib/krb5/asn.1/asn1buf.c | 2 ++
2 files changed, 4 insertions(+)
diff --git a/src/lib/krb5/asn.1/ChangeLog b/src/lib/krb5/asn.1/ChangeLog
index cbead8c2f2..38513cc543 100644
--- a/src/lib/krb5/asn.1/ChangeLog
+++ b/src/lib/krb5/asn.1/ChangeLog
@@ -1,5 +1,7 @@ 2004-08-31 Tom Yu + * asn1buf.c: Fix denial-of-service bug. + * asn1buf.c: * krb5_decode.c: Fix double-free vulnerabilities.
diff --git a/src/lib/krb5/asn.1/asn1buf.c b/src/lib/krb5/asn.1/asn1buf.c
index d57cf0fd73..bcaac68e5f 100644
--- a/src/lib/krb5/asn.1/asn1buf.c
+++ b/src/lib/krb5/asn.1/asn1buf.c
@@ -140,6 +140,8 @@ asn1_error_code asn1buf_skiptail(buf, length, indef) return ASN1_OVERRUN; } while (nestlevel > 0) { + if (buf->bound - buf->next + 1 <= 0) + return ASN1_OVERRUN; retval = asn1_get_tag_indef(buf, &class, &construction, &tagnum, &taglen, &tagindef); if (retval) return retval;
-- 2.47.2
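Review bot: The guard added at the top of the `while (nestlevel > 0)` loop in asn1buf_skiptail has no comment saying why it is there, and the arithmetic form `buf->bound - buf->next + 1 <= 0` obscures what is a plain bounds test. Going by the ChangeLog entry ("Fix denial-of-service bug"), it presumably keeps the loop from spinning once a truncated encoding has used up the buffer while `nestlevel` is still positive; a comment such as `/* buffer exhausted but still nested: truncated input, fail instead of looping */` would record that for the next reader. If `next` and `bound` are pointers into the same buffer, as the subtraction suggests, `if (buf->next > buf->bound)` states the same condition without going through a signed pointer difference. The function body starts and ends outside the hunk, so whether the earlier `ASN1_OVERRUN` check before the loop uses the same remaining-length expression cannot be confirmed from here.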