$OpenBSD: patch-src_ocsp_c,v 1.1 2016/07/01 07:40:23 jasper Exp $

CVE-2016-4579
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=a7eed17a0b2a1c09ef986f3b4b323cd31cea2b64

--- src/ocsp.c.orig	Fri Mar 15 20:26:38 2013
+++ src/ocsp.c	Thu Jun 30 15:58:00 2016
@@ -231,6 +231,8 @@ parse_asntime_into_isotime (unsigned char const **buf,
               && (ti.tag == TYPE_UTC_TIME || ti.tag == TYPE_GENERALIZED_TIME)
               && !ti.is_constructed) )
     err = gpg_error (GPG_ERR_INV_OBJ);
+  else if (ti.length > *len)
+    err = gpg_error (GPG_ERR_INV_BER);
   else if (!(err = _ksba_asntime_to_iso (*buf, ti.length,
                                          ti.tag == TYPE_UTC_TIME, isotime)))
     parse_skip (buf, len, &ti);
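Review bot: The added `else if (ti.length > *len)` branch has no comment saying it must stay ahead of the `_ksba_asntime_to_iso (*buf, ti.length, ...)` call, which receives `ti.length` as the byte count to consume from `*buf`. A later reordering of this else-if chain could silently remove the protection. I would put a one-line comment above it, such as `/* ti.length is taken from the encoded object; reject it when it exceeds the bytes left in the buffer (*len) so the time conversion cannot read past the end. */`, assuming `*len` is the remaining byte count, as its use in `parse_skip (buf, len, &ti)` suggests. Whether the other helpers in src/ocsp.c that consume `ti.length` make the same comparison is not visible on this page and is worth confirming, since only this call site is patched here. The body of parse_asntime_into_isotime starts before the hunk and continues after it.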
