From 71dd4e78954fce85f2891e38e78d38034c443d61 Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Thu, 29 Nov 2012 16:12:45 +0100
Subject: [PATCH] Don't handle PKCS#7 containers with infinite length encodings in pkcs7 plugin
---
 src/libstrongswan/plugins/pkcs7/pkcs7_generic.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/libstrongswan/plugins/pkcs7/pkcs7_generic.c b/src/libstrongswan/plugins/pkcs7/pkcs7_generic.c
index 0a8b1bbd04..13fe5f54ab 100644
--- a/src/libstrongswan/plugins/pkcs7/pkcs7_generic.c
+++ b/src/libstrongswan/plugins/pkcs7/pkcs7_generic.c
@@ -114,6 +114,12 @@ pkcs7_t *pkcs7_generic_load(container_type_t type, va_list args)
 }
 if (blob.len)
 {
+ if (blob.len >= 2 &&
+ blob.ptr[0] == ASN1_SEQUENCE && blob.ptr[1] == 0x80)
+ { /* looks like infinite lenght BER encoding, but we can't handle it.
+ * ignore silently, our openssl backend can handle it */
+ return NULL;
+ }
 return parse_contentInfo(blob);
 }
 return NULL;
-- 
2.47.2
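Review bot: The added guard in pkcs7_generic_load() inspects only the first two bytes of the blob, so it turns away an indefinite-length encoding on the outermost SEQUENCE but not on any nested element. A container whose outer length is definite still reaches `parse_contentInfo(blob)`, and whether the parser rejects an inner `0x80` length octet cleanly cannot be seen from this hunk and should be confirmed, since the blob is externally supplied data. The comment would also be clearer with the BER term and the typo fixed, for example `/* looks like indefinite length BER encoding, which we can't parse;` followed by ` * ignore silently, our openssl backend can handle it */`. The function body starts before and continues after the hunk.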