From b66cb11cb836472aef93aa6f5fce37c215423b97 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Fri, 5 Jul 2013 10:10:38 -0700
Subject: [PATCH] Fixed bug in DecodeAltNames() where idx wasn't advanced past
 the length.

---
 ctaocrypt/src/asn.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c
index 140e436cb..68a4663c9 100644
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@@ -2374,6 +2374,7 @@ static void DecodeAltNames(byte* input, int sz, DecodedCert* cert)
     while (length > 0) {
         DNS_entry* entry;
         int        strLen;
+        word       lenStartIdx;
         byte       b = input[idx++];
 
         length--;
@@ -2383,10 +2384,12 @@ static void DecodeAltNames(byte* input, int sz, DecodedCert* cert)
             return;
         }
 
+        lenStartIdx = idx;
         if (GetLength(input, &idx, &strLen, sz) < 0) {
             CYASSL_MSG("\tfail: str length");
             return;
         }
+        length -= (idx - lenStartIdx);
 
         entry = (DNS_entry*)XMALLOC(sizeof(DNS_entry), cert->heap,
                                     DYNAMIC_TYPE_ALTNAME);