From b3f85186e0faa2d60d311bb2a6008831a366ac45 Mon Sep 17 00:00:00 2001 From: rob <> Date: Sun, 12 May 2019 17:42:14 +0000 Subject: [PATCH] In long form encoding, explicitly prohibit an initial length octet of 0xff which is reserved for future use. ok claudio@ --- src/lib/libutil/ber.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/lib/libutil/ber.c b/src/lib/libutil/ber.c index d6952515..de13e485 100644 --- a/src/lib/libutil/ber.c +++ b/src/lib/libutil/ber.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ber.c,v 1.1 2019/05/11 17:46:02 rob Exp $ */ +/* $OpenBSD: ber.c,v 1.2 2019/05/12 17:42:14 rob Exp $ */ /* * Copyright (c) 2007, 2012 Reyk Floeter @@ -1151,6 +1151,12 @@ get_len(struct ber *b, ssize_t *len) return -1; } + if (u == 0xff) { + /* Reserved for future use. */ + errno = EINVAL; + return -1; + } + n = u & ~BER_TAG_MORE; if (sizeof(ssize_t) < n) { errno = ERANGE;
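Review bot: The new `if (u == 0xff)` branch in get_len() carries only `/* Reserved for future use. */`, which names neither the rule that reserves the value nor the fact that the branch appears to change only the reported error. Assuming BER_TAG_MORE is the 0x80 high bit, 0xff would otherwise be masked to 127 and refused by the `sizeof(ssize_t) < n` test just below with ERANGE. The input was therefore already rejected, and the visible effect is EINVAL instead, so any caller that branches on errno is worth checking. I would write the comment as `/* X.690 8.1.3.5 c): initial length octet 0xff is reserved; reject as malformed rather than out of range. */`. The comparison also relies on `u` being an unsigned octet type; its declaration is outside this hunk, as are the start and end of get_len().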