From 2cd24473b8e41b54f1dafc16c7b5adee8c224446 Mon Sep 17 00:00:00 2001
From: Michael Brown <mcb30@ipxe.org>
Date: Thu, 22 Mar 2012 02:10:17 +0000
Subject: [PATCH] [crypto] Avoid an error when asn1_shrink() is already at end
 of object

asn1_skip() will return an error on reaching the end of an object, and
so should not be used as the basis for asn1_shrink().

Signed-off-by: Michael Brown <mcb30@ipxe.org>
---
 src/crypto/asn1.c | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/src/crypto/asn1.c b/src/crypto/asn1.c
index cd502502..2eab3422 100644
--- a/src/crypto/asn1.c
+++ b/src/crypto/asn1.c
@@ -220,16 +220,21 @@ int asn1_skip ( struct asn1_cursor *cursor, unsigned int type ) {
  * invalidated.
  */
 int asn1_shrink ( struct asn1_cursor *cursor, unsigned int type ) {
-	struct asn1_cursor next;
-	int rc;
+	struct asn1_cursor temp;
+	const void *end;
+	int len;
 
-	/* Skip to next object */
-	memcpy ( &next, cursor, sizeof ( next ) );
-	if ( ( rc = asn1_skip ( &next, type ) ) != 0 )
-		return rc;
+	/* Find end of object */
+	memcpy ( &temp, cursor, sizeof ( temp ) );
+	len = asn1_start ( &temp, type );
+	if ( len < 0 ) {
+		asn1_invalidate_cursor ( cursor );
+		return len;
+	}
+	end = ( temp.data + len );
 
 	/* Shrink original cursor to contain only its first object */
-	cursor->len = ( next.data - cursor->data );
+	cursor->len = ( end - cursor->data );
 
 	return 0;
 }