In long form encoding, explicitly prohibit an initial length octet of 0xff

which is reserved for future use. ok claudio@
5 years ago · b3f85186e0
--- a/src/lib/libutil/ber.c
+++ b/src/lib/libutil/ber.c
@ -1,4 +1,4 @@
 /*	$OpenBSD: ber.c,v 1.1 2019/05/11 17:46:02 rob Exp $ */
 /*	$OpenBSD: ber.c,v 1.2 2019/05/12 17:42:14 rob Exp $ */

 /*
 * Copyright (c) 2007, 2012 Reyk Floeter <reyk@openbsd.org>
@ -1151,6 +1151,12 @@ get_len(struct ber *b, ssize_t *len)
 		return -1;
 	}

 	if (u == 0xff) {
 		/* Reserved for future use. */
 		errno = EINVAL;
 		return -1;
 	}

 	n = u & ~BER_TAG_MORE;
 	if (sizeof(ssize_t) < n) {
 		errno = ERANGE;