From 249202d8c04fae245ee373e7926484e33822c905 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 22 Dec 2015 13:50:54 +0100 Subject: [PATCH] asn1: Add overflow check to asn1_write Found by pure code reading :-) Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison --- lib/util/asn1.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/util/asn1.c b/lib/util/asn1.c index 98cd41c47ce..6f51820949a 100644 --- a/lib/util/asn1.c +++ b/lib/util/asn1.c @@ -40,6 +40,12 @@ void asn1_free(struct asn1_data *data) bool asn1_write(struct asn1_data *data, const void *p, int len) { if (data->has_error) return false; + + if ((len < 0) || (data->ofs + (size_t)len < data->ofs)) { + data->has_error = true; + return false; + } + if (data->length < data->ofs+len) { uint8_t *newp; newp = talloc_realloc(data, data->data, uint8_t, data->ofs+len); -- 2.34.1
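Review bot: The new guard tests `data->ofs + (size_t)len`, but the two context lines right after it still compute `data->ofs+len` without the cast, so the sum that was checked is not the same expression that is compared with `data->length` and passed to `talloc_realloc`. The declaration of `ofs` is not visible in this hunk; if it is not a `size_t`, the guarded arithmetic and the arithmetic actually used may be done in different types, and the guard would then not cover the later expressions exactly. Computing the end offset once would make the checked value the used value: `size_t end = data->ofs + (size_t)len;` then `if ((len < 0) || (end < data->ofs)) {`, with `end` reused in the length comparison and the realloc. A short comment such as `/* reject negative len and wrap-around of ofs+len before growing the buffer */` above the guard would also record why it is there. The body of asn1_write continues past the end of the hunk, so what happens to the buffer after the realloc cannot be judged from here.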