From 9d258bd6e0dbf8c42fc0fd1240ba67b509b131b7 Mon Sep 17 00:00:00 2001
From: rob <>
Date: Sat, 1 Jun 2019 19:40:05 +0000
Subject: [PATCH] Limit maximum number of length octets to platform independent sizeof(int32_t). Problem noticed by bluhm@. Discussed on hackers. ok claudio@
---
 src/lib/libutil/ber.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/lib/libutil/ber.c b/src/lib/libutil/ber.c
index 42a8834e..3be9d93e 100644
--- a/src/lib/libutil/ber.c
+++ b/src/lib/libutil/ber.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ber.c,v 1.8 2019/05/21 13:29:44 rob Exp $ */
+/* $OpenBSD: ber.c,v 1.9 2019/06/01 19:40:05 rob Exp $ */

 /*
 * Copyright (c) 2007, 2012 Reyk Floeter
@@ -1164,7 +1164,10 @@ get_len(struct ber *b, ssize_t *len)
 }

 n = u & ~BER_TAG_MORE;
- if (sizeof(ssize_t) < n) {
+ /*
+ * Limit to a decent size that works on all of our architectures.
+ */
+ if (sizeof(int32_t) < n) {
 errno = ERANGE;
 return -1;
 }
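Review bot: The comment added above the `sizeof(int32_t) < n` check in get_len() says only "a decent size" and does not record why four length octets is the bound or what it protects. A more specific wording would be `/* Accept at most sizeof(int32_t) length octets so the limit does not vary with sizeof(ssize_t). */`. Four octets can still encode a length up to 0xFFFFFFFF, which does not fit a 32-bit ssize_t, so this check bounds only the octet count and not the decoded value. The code that accumulates the octets into `*len` lies outside the hunk; it should be confirmed that it rejects a result that is negative or larger than the data remaining in the buffer, since this length comes from the encoded input.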