$OpenBSD: patch-src_dn_c,v 1.1 2016/07/01 07:40:23 jasper Exp $

CVE-2016-4574
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=6be61daac047d8e6aa941eb103f8e71a1d4e3c75

--- src/dn.c.orig	Wed Apr  8 18:37:07 2015
+++ src/dn.c	Thu Jun 30 15:59:00 2016
@@ -332,11 +332,8 @@ append_utf8_value (const unsigned char *value, size_t 
         }
       else
         {
-          if (n+nmore > length)
-            nmore = length - n; /* Oops, encoding to short */
-
           tmp[0] = *s++; n++;
-          for (i=1; i <= nmore; i++)
+          for (i=1; n < length && i <= nmore; i++)
             {
               if ( (*s & 0xc0) != 0x80)
                 break; /* Invalid encoding - let the next cycle detect this. */
