CVE-2014-3468
Author: Nikos Mavrogiannopoulos
Upstream commits: 1c3ccb3e040bf13e342ee60bc23b21b97b11923f f245088c5bd6c7e9bea18e5601ee24d431531558
--- libtasn1-3-2.13.orig/lib/decoding.c
+++ libtasn1-3-2.13/lib/decoding.c
@@ -226,7 +226,7 @@ asn1_get_octet_der (const unsigned char
 int *ret_len, unsigned char *str, int str_size,
 int *str_len)
 {
- int len_len;
+ int len_len = 0;
 if (der_len <= 0)
 return ASN1_GENERIC_ERROR;
@@ -349,7 +349,7 @@ asn1_get_bit_der (const unsigned char *d
 int *ret_len, unsigned char *str, int str_size,
 int *bit_len)
 {
- int len_len, len_byte;
+ int len_len = 0, len_byte;
 if (der_len <= 0)
 return ASN1_GENERIC_ERROR;
@@ -359,6 +359,9 @@ asn1_get_bit_der (const unsigned char *d
 *ret_len = len_byte + len_len + 1;
 *bit_len = len_byte * 8 - der[len_len];
+
+ if (*bit_len < 0)
+ return ASN1_DER_ERROR;
 if (str_size >= len_byte)
 memcpy (str, der + len_len + 1, len_byte);
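Review bot: The `= 0` initialiser on `len_len` in asn1_get_octet_der (and the identical change in asn1_get_bit_der in the second hunk) makes a later read of the variable defined, but it does not make the value meaningful. If whatever is meant to fill `len_len` fails without writing it, any offset built from it would silently use 0. Both function bodies continue outside these hunks, so it cannot be confirmed here that the failure return is tested before `len_len` is read; that test, not the initialiser, is what closes the problem. A one-line comment would record the intent, for example `/* stays 0 if the length field cannot be decoded */`.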
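Review bot: The new `*bit_len < 0` test in asn1_get_bit_der rejects a bad unused-bits octet only when it happens to drive the result negative; a value of `der[len_len]` above 7 still passes whenever `len_byte * 8` exceeds it, although DER permits only 0–7 unused bits (and 0 for an empty string). Validating the octet before the subtraction is stricter and states the rule directly: `if (der[len_len] > 7 || (len_byte == 0 && der[len_len] != 0)) return ASN1_DER_ERROR;`. As written, `*ret_len` and `*bit_len` are already stored when the error is returned, so a caller that ignores the return code is left with a negative bit count. The `memcpy` that follows is guarded by `str_size` only; whether `len_byte` and `len_len` are bounded by `der_len` is decided outside this hunk and should be confirmed.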