--- libraries/liblber/decode.c	2000/10/12 19:52:39	1.34.6.6
+++ libraries/liblber/decode.c	2001/05/06 19:53:57	1.34.6.7
@@ -1,5 +1,5 @@
 /* decode.c - ber input decoding routines */
-/* $OpenLDAP: pkg/ldap/libraries/liblber/decode.c,v 1.34.6.5 2000/10/02 17:26:31 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/decode.c,v 1.34.6.6 2000/10/12 19:52:39 kurt Exp $ */
 /*
  * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
@@ -137,6 +137,11 @@ ber_skip_tag( BerElement *ber, ber_len_t
 		*len = lc;
 	}
 
+	/* BER element should have enough data left */
+	if( *len > ber_pvt_ber_remaining( ber ) ) {
+		return LBER_DEFAULT;
+	}
+
 	return tag;
 }
 
@@ -252,7 +257,9 @@ ber_get_stringb(
 	if ( (tag = ber_skip_tag( ber, &datalen )) == LBER_DEFAULT ) {
 		return LBER_DEFAULT;
 	}
-	if ( datalen > (*len - 1) ) {
+
+	/* must fit within allocated space with termination */
+	if ( datalen >= *len ) {
 		return LBER_DEFAULT;
 	}