7 files changed, 38 insertions, 11 deletions
diff --git a/lib/ASN1.c b/lib/ASN1.c
index 3d60e71..586dcca 100644
--- a/lib/ASN1.c
+++ b/lib/ASN1.c
@@ -2685,7 +2685,7 @@ _asn1_yylex ()
 
       /* Is STRING a number? */
       for (k = 0; k < counter; k++)
-        if (!isdigit (string[k]))
+        if (!isdigit ((int)string[k]))
           break;
       if (k >= counter)
         {
diff --git a/lib/ASN1.y b/lib/ASN1.y
index 174ffde..534a9f1 100644
--- a/lib/ASN1.y
+++ b/lib/ASN1.y
@@ -575,7 +575,7 @@ _asn1_yylex ()
 
       /* Is STRING a number? */
       for (k = 0; k < counter; k++)
-        if (!isdigit (string[k]))
+        if (!isdigit ((int)string[k]))
           break;
       if (k >= counter)
         {
diff --git a/lib/decoding.c b/lib/decoding.c
index c2e6027..2240b09 100644
--- a/lib/decoding.c
+++ b/lib/decoding.c
@@ -329,10 +329,10 @@ _asn1_get_time_der (unsigned type, const unsigned char *der, int der_len, int *r
   if (str_len < 8)
     {
       warn();
-      return ASN1_DER_ERROR;
+      return ASN1_TIME_ENCODING_ERROR;
     }
 
-  if (flags & ASN1_DECODE_FLAG_STRICT_DER)
+  if ((flags & ASN1_DECODE_FLAG_STRICT_DER) && !(flags & ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME))
     {
       p = &der[len_len];
       for (i=0;i<(unsigned)(str_len-1);i++)
@@ -359,14 +359,14 @@ _asn1_get_time_der (unsigned type, const unsigned char *der, int der_len, int *r
                  }
 
                warn();
-               return ASN1_DER_ERROR;
+               return ASN1_TIME_ENCODING_ERROR;
              }
          }
 
       if (sign_count == 0 && p[str_len-1] != 'Z')
         {
           warn();
-          return ASN1_DER_ERROR;
+          return ASN1_TIME_ENCODING_ERROR;
         }
     }
   memcpy (str, der + len_len, str_len);
@@ -1305,7 +1305,12 @@ asn1_der_decoding2 (asn1_node *element, const void *ider, int *max_ider_len,
 		    {		/* indefinite length method */
 		      if (!HAVE_TWO(ider_len) || ((der[counter]) || der[counter + 1]))
 			{
-			  _asn1_append_sequence_set (p, &tcache);
+			  result = _asn1_append_sequence_set (p, &tcache);
+			  if (result != 0)
+			    {
+                              warn();
+		              goto cleanup;
+		            }
 			  p = tcache.tail;
 			  move = RIGHT;
 			  continue;
@@ -1321,7 +1326,12 @@ asn1_der_decoding2 (asn1_node *element, const void *ider, int *max_ider_len,
 		    {		/* definite length method */
 		      if (len2 > counter)
 			{
-			  _asn1_append_sequence_set (p, &tcache);
+			  result = _asn1_append_sequence_set (p, &tcache);
+			  if (result != 0)
+			    {
+                              warn();
+		              goto cleanup;
+		            }
 			  p = tcache.tail;
 			  move = RIGHT;
 			  continue;
@@ -1375,7 +1385,14 @@ asn1_der_decoding2 (asn1_node *element, const void *ider, int *max_ider_len,
 			     || (type_field (p2->type) == ASN1_ETYPE_SIZE))
 			p2 = p2->right;
 		      if (p2->right == NULL)
-			_asn1_append_sequence_set (p, &tcache);
+		        {
+			  result = _asn1_append_sequence_set (p, &tcache);
+			  if (result != 0)
+			    {
+                              warn();
+		              goto cleanup;
+		            }
+			}
 		      p = p2;
 		    }
 		}
diff --git a/lib/element.c b/lib/element.c
index 756e41a..b09f826 100644
--- a/lib/element.c
+++ b/lib/element.c
@@ -128,7 +128,7 @@ _asn1_convert_integer (const unsigned char *value, unsigned char *value_out,
   return ASN1_SUCCESS;
 }
 
-/* Appends a new element into the sequent (or set) defined by this
+/* Appends a new element into the sequence (or set) defined by this
  * node. The new element will have a name of '?number', where number
  * is a monotonically increased serial number.
  *
diff --git a/lib/errors.c b/lib/errors.c
index e9fa302..fef45ae 100644
--- a/lib/errors.c
+++ b/lib/errors.c
@@ -52,6 +52,7 @@ static const libtasn1_error_entry error_algorithms[] = {
   LIBTASN1_ERROR_ENTRY (ASN1_NAME_TOO_LONG),
   LIBTASN1_ERROR_ENTRY (ASN1_ARRAY_ERROR),
   LIBTASN1_ERROR_ENTRY (ASN1_ELEMENT_NOT_EMPTY),
+  LIBTASN1_ERROR_ENTRY (ASN1_TIME_ENCODING_ERROR),
   {0, 0}
 };
 
diff --git a/lib/libtasn1.h b/lib/libtasn1.h
index 4ad01e7..626b11e 100644
--- a/lib/libtasn1.h
+++ b/lib/libtasn1.h
@@ -44,7 +44,7 @@ extern "C"
 {
 #endif
 
-#define ASN1_VERSION "4.10"
+#define ASN1_VERSION "4.12"
 
 #if defined(__GNUC__) && !defined(ASN1_INTERNAL_BUILD)
 # define _ASN1_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
@@ -78,6 +78,7 @@ extern "C"
 #define ASN1_NAME_TOO_LONG		15
 #define ASN1_ARRAY_ERROR		16
 #define ASN1_ELEMENT_NOT_EMPTY		17
+#define ASN1_TIME_ENCODING_ERROR	18
 
   /*************************************/
   /* Constants used in asn1_visit_tree */
@@ -190,6 +191,8 @@ extern "C"
 #define ASN1_DECODE_FLAG_ALLOW_PADDING 1
 /* This flag would ensure that no BER decoding takes place */
 #define ASN1_DECODE_FLAG_STRICT_DER (1<<1)
+/* This flag will tolerate Time encoding errors when in strict DER */
+#define ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME (1<<2)
 
 
   struct asn1_data_node_st
diff --git a/lib/parser_aux.c b/lib/parser_aux.c
index b4a7370..976ab38 100644
--- a/lib/parser_aux.c
+++ b/lib/parser_aux.c
@@ -120,6 +120,9 @@ asn1_find_node (asn1_node pointer, const char *name)
       if (n_end)
 	{
 	  nsize = n_end - n_start;
+	  if (nsize >= sizeof(n))
+		return NULL;
+
 	  memcpy (n, n_start, nsize);
 	  n[nsize] = 0;
 	  n_start = n_end;
@@ -158,6 +161,9 @@ asn1_find_node (asn1_node pointer, const char *name)
       if (n_end)
 	{
 	  nsize = n_end - n_start;
+	  if (nsize >= sizeof(n))
+		return NULL;
+
 	  memcpy (n, n_start, nsize);
 	  n[nsize] = 0;
 	  n_start = n_end;