From 18d4f742928388ccd55e834f00cd7eac049bea21 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Thu, 4 Oct 2012 14:21:23 +0100
Subject: [PATCH] --- yaml --- r: 334319 b: refs/heads/master c:
 dbadc17683e6c673a69b236c0f041b931cc55c42 h: refs/heads/master i:   334317:
 9b4f5b79d90c2c2e3f2d08a953eb98525f3b2f4f   334315:
 a2d8448d19175d0f92c137bc7c38966b2963bff8   334311:
 efab349539fc97c19abd3b2e7d480a16e5c0da4d   334303:
 863e255b88f91e8fa5d3cb99bd3c8ac10f3abefc v: v3

---
 [refs]                   |  2 +-
 trunk/lib/asn1_decoder.c | 28 +++++++++++++++++++---------
 2 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/[refs] b/[refs]
index 3a359d6f9819..2747bc10a33c 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 2f1c4fef103ef914e266588af263fb42b502b347
+refs/heads/master: dbadc17683e6c673a69b236c0f041b931cc55c42
diff --git a/trunk/lib/asn1_decoder.c b/trunk/lib/asn1_decoder.c
index 2e4196ddf06f..de2c8b5a715b 100644
--- a/trunk/lib/asn1_decoder.c
+++ b/trunk/lib/asn1_decoder.c
@@ -46,12 +46,18 @@ static const unsigned char asn1_op_lengths[ASN1_OP__NR] = {
 
 /*
  * Find the length of an indefinite length object
+ * @data: The data buffer
+ * @datalen: The end of the innermost containing element in the buffer
+ * @_dp: The data parse cursor (updated before returning)
+ * @_len: Where to return the size of the element.
+ * @_errmsg: Where to return a pointer to an error message on error
  */
 static int asn1_find_indefinite_length(const unsigned char *data, size_t datalen,
-				       const char **_errmsg, size_t *_err_dp)
+				       size_t *_dp, size_t *_len,
+				       const char **_errmsg)
 {
 	unsigned char tag, tmp;
-	size_t dp = 0, len, n;
+	size_t dp = *_dp, len, n;
 	int indef_level = 1;
 
 next_tag:
@@ -67,8 +73,11 @@ static int asn1_find_indefinite_length(const unsigned char *data, size_t datalen
 		/* It appears to be an EOC. */
 		if (data[dp++] != 0)
 			goto invalid_eoc;
-		if (--indef_level <= 0)
-			return dp;
+		if (--indef_level <= 0) {
+			*_len = dp - *_dp;
+			*_dp = dp;
+			return 0;
+		}
 		goto next_tag;
 	}
 
@@ -122,7 +131,7 @@ static int asn1_find_indefinite_length(const unsigned char *data, size_t datalen
 missing_eoc:
 	*_errmsg = "Missing EOC in indefinite len cons";
 error:
-	*_err_dp = dp;
+	*_dp = dp;
 	return -1;
 }
 
@@ -315,13 +324,14 @@ int asn1_ber_decoder(const struct asn1_decoder *decoder,
 	skip_data:
 		if (!(flags & FLAG_CONS)) {
 			if (flags & FLAG_INDEFINITE_LENGTH) {
-				len = asn1_find_indefinite_length(
-					data + dp, datalen - dp, &errmsg, &dp);
-				if (len < 0)
+				ret = asn1_find_indefinite_length(
+					data, datalen, &dp, &len, &errmsg);
+				if (ret < 0)
 					goto error;
+			} else {
+				dp += len;
 			}
 			pr_debug("- LEAF: %zu\n", len);
-			dp += len;
 		}
 		pc += asn1_op_lengths[op];
 		goto next_op;