Subject: PR/6: tobias: out of boundary read in DER parser
Origin: FILE5_33-34-g72e9a7fe <https://github.com/file/file/commit/FILE5_33-34-g72e9a7fe>
Upstream-Author: Christos Zoulas <christos@zoulas.com>
Date: Sat Jun 23 15:15:26 2018 +0000

--- a/src/der.c
+++ b/src/der.c
@@ -199,7 +199,7 @@
 	for (i = 0; i < digits; i++)
 		len = (len << 8) | c[(*p)++];
 
-	if (*p + len >= l)
+	if (len > UINT32_MAX - *p || *p + len >= l)
 		return DER_BAD;
 	return CAST(uint32_t, len);
 }