From c4909d95f1d6433fe2416625ef24980fa553d7ad Mon Sep 17 00:00:00 2001
From: Paul Bakker <p.j.bakker@polarssl.org>
Date: Wed, 12 Oct 2011 09:52:22 +0000
Subject: [PATCH]  - Inceased maximum size of ASN1 length reads to 32-bits

---
 ChangeLog           |  1 +
 library/x509parse.c | 16 ++++++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index df4dd7ab1..bf33cf7d4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,7 @@ Changes
    * Documentation for AES and Camellia in modes CTR and CFB128 clarified.
    * Fixed rsa_encrypt and rsa_decrypt examples to use public key for
      encryption and private key for decryption. (Closes ticket #34)
+   * Inceased maximum size of ASN1 length reads to 32-bits.
 
 Bugfix
    * Fixed faulty HMAC-MD2 implementation. Found by dibac. (Closes
diff --git a/library/x509parse.c b/library/x509parse.c
index 58399eb48..e359ca7ac 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -89,6 +89,22 @@ static int asn1_get_len( unsigned char **p,
             (*p) += 3;
             break;
 
+        case 3:
+            if( ( end - *p ) < 4 )
+                return( POLARSSL_ERR_ASN1_OUT_OF_DATA );
+
+            *len = ( (*p)[1] << 16 ) | ( (*p)[2] << 8 ) | (*p)[3];
+            (*p) += 4;
+            break;
+
+        case 4:
+            if( ( end - *p ) < 5 )
+                return( POLARSSL_ERR_ASN1_OUT_OF_DATA );
+
+            *len = ( (*p)[1] << 24 ) | ( (*p)[2] << 16 ) | ( (*p)[3] << 8 ) | (*p)[4];
+            (*p) += 5;
+            break;
+
         default:
             return( POLARSSL_ERR_ASN1_INVALID_LENGTH );
         }