From f273e38053537a0a735043850b7fa4caa7613f0b Mon Sep 17 00:00:00 2001
From: rob <rob@openbsd.org>
Date: Fri, 22 Jan 2021 18:27:52 +0000
Subject: [PATCH] Gracefully handle any erroneous closing bracket/brace
 trailers in ober_scanf_elements().

OK martijn@
---
 lib/libutil/ber.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/libutil/ber.c b/lib/libutil/ber.c
index 9768ed3b82a..11f8952a9c0 100644
--- a/lib/libutil/ber.c
+++ b/lib/libutil/ber.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ber.c,v 1.18 2021/01/22 03:20:56 rob Exp $ */
+/*	$OpenBSD: ber.c,v 1.19 2021/01/22 18:27:52 rob Exp $ */
 
 /*
  * Copyright (c) 2007, 2012 Reyk Floeter <reyk@openbsd.org>
@@ -781,7 +781,7 @@ ober_scanf_elements(struct ber_element *ber, char *fmt, ...)
 			continue;
 		case '}':
 		case ')':
-			if (parent[level] == NULL)
+			if (level < 0 || parent[level] == NULL)
 				goto fail;
 			ber = parent[level--];
 			ret++;
-- 
2.20.1