Merge branch 'fixes-v4.14-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull key handling fix from James Morris:
 "Fix by Eric Biggers for the keys subsystem"

* 'fixes-v4.14-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  KEYS: fix NULL pointer dereference during ASN.1 parsing [ver #2]

1 files changed, 2 insertions, 2 deletions

diff --git a/lib/asn1_decoder.c b/lib/asn1_decoder.c
index fef5d2e114be..1ef0cec38d78 100644
--- a/lib/asn1_decoder.c
+++ b/lib/asn1_decoder.c
@@ -228,7 +228,7 @@ next_op:
                 hdr = 2;
 
                 /* Extract a tag from the data */
-                if (unlikely(dp >= datalen - 1))
+                if (unlikely(datalen - dp < 2))
                         goto data_overrun_error;
                 tag = data[dp++];
                 if (unlikely((tag & 0x1f) == ASN1_LONG_TAG))
@@ -274,7 +274,7 @@ next_op:
                                 int n = len - 0x80;
                                 if (unlikely(n > 2))
                                         goto length_too_long;
-                                if (unlikely(dp >= datalen - n))
+                                if (unlikely(n > datalen - dp))
                                         goto data_overrun_error;
                                 hdr += n;
                                 for (len = 0; n > 0; n--) {