From f6213051409cc9b81bd3fd1e4b6c331cd7914a50 Mon Sep 17 00:00:00 2001
From: Frank Morgner <frankmorgner@gmail.com>
Date: Thu, 29 Aug 2019 11:15:29 +0200
Subject: [PATCH] fixed undefined behavior when parsing negative ASN.1 Integer

---
 src/libopensc/asn1.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/libopensc/asn1.c b/src/libopensc/asn1.c
index 7df3e0a2..f6698b2e 100644
--- a/src/libopensc/asn1.c
+++ b/src/libopensc/asn1.c
@@ -707,17 +707,19 @@ static int encode_bit_field(const u8 *inbuf, size_t inlen,
 
 int sc_asn1_decode_integer(const u8 * inbuf, size_t inlen, int *out)
 {
-	int    a = 0;
+	int    a = 0, is_negative = 0;
 	size_t i;
 
 	if (inlen > sizeof(int) || inlen == 0)
 		return SC_ERROR_INVALID_ASN1_OBJECT;
 	if (inbuf[0] & 0x80)
-		a = -1;
+		is_negative = 1;
 	for (i = 0; i < inlen; i++) {
 		a <<= 8;
 		a |= *inbuf++;
 	}
+	if (is_negative)
+		a *= -1;
 	*out = a;
 	return 0;
 }