From 7b07f479377139cb67ceaab03afa76a32325f9e9 Mon Sep 17 00:00:00 2001
From: Kenneth Lundin <kenneth.lundin@ericsson.com>
Date: Tue, 4 Dec 2018 09:40:41 +0100
Subject: Handle erroneous length during decode (BER only) without crashing

---
 lib/asn1/c_src/asn1_erl_nif.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/asn1/c_src')

diff --git a/lib/asn1/c_src/asn1_erl_nif.c b/lib/asn1/c_src/asn1_erl_nif.c
index 797be6d4f8..da43af3405 100644
--- a/lib/asn1/c_src/asn1_erl_nif.c
+++ b/lib/asn1/c_src/asn1_erl_nif.c
@@ -999,7 +999,7 @@ static int ber_decode_value(ErlNifEnv* env, ERL_NIF_TERM *value, unsigned char *
 	while (*ib_index < end_index) {
 
 	    if ((maybe_ret = ber_decode(env, &term, in_buf, ib_index,
-                   *ib_index + len)) <= ASN1_ERROR
+                   end_index )) <= ASN1_ERROR
 	    )
 		return maybe_ret;
 	    curr_head = enif_make_list_cell(env, term, curr_head);
-- 
cgit v1.2.3