From ae999721e61884874a36567bf83e4037e204d7c9 Mon Sep 17 00:00:00 2001
From: jsing <jsing@openbsd.org>
Date: Thu, 9 Dec 2021 16:58:44 +0000
Subject: [PATCH] Pull the recursion depth check up to the top of
 asn1_collect()

ok inoguchi@ tb@
---
 lib/libcrypto/asn1/tasn_dec.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/lib/libcrypto/asn1/tasn_dec.c b/lib/libcrypto/asn1/tasn_dec.c
index b1fb5886c40..aa97bc8f4ef 100644
--- a/lib/libcrypto/asn1/tasn_dec.c
+++ b/lib/libcrypto/asn1/tasn_dec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_dec.c,v 1.42 2021/12/09 16:56:15 jsing Exp $ */
+/* $OpenBSD: tasn_dec.c,v 1.43 2021/12/09 16:58:44 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -1020,6 +1020,11 @@ asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, char inf,
 	long plen;
 	char cst, ininf;
 
+	if (depth > ASN1_MAX_STRING_NEST) {
+		ASN1error(ASN1_R_NESTED_ASN1_STRING);
+		return 0;
+	}
+
 	p = *in;
 	inf &= 1;
 
@@ -1045,10 +1050,6 @@ asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, char inf,
 
 		/* If indefinite length constructed update max length */
 		if (cst) {
-			if (depth >= ASN1_MAX_STRING_NEST) {
-				ASN1error(ASN1_R_NESTED_ASN1_STRING);
-				return 0;
-			}
 			if (!asn1_collect(buf, &p, plen, ininf, tag, aclass,
 			    depth + 1))
 				return 0;
-- 
2.20.1