From 5c2ffd254416e3cca3f1557557b0ccc3e5e5c08f Mon Sep 17 00:00:00 2001
From: terrafrost <terrafrost@php.net>
Date: Sun, 28 Aug 2016 10:38:01 -0500
Subject: [PATCH] ASN1: fix infinite loop during ASN1 decode process

---
 phpseclib/File/ASN1.php      |  2 +-
 tests/Unit/File/ASN1Test.php | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/phpseclib/File/ASN1.php b/phpseclib/File/ASN1.php
index b30493e4..b7f7c119 100644
--- a/phpseclib/File/ASN1.php
+++ b/phpseclib/File/ASN1.php
@@ -366,7 +366,7 @@ class File_ASN1
                 $newcontent = array();
                 $remainingLength = $length;
                 while ($remainingLength > 0) {
-                    $temp = $this->_decode_ber($content, $start);
+                    $temp = $this->_decode_ber($content, $start, $content_pos);
                     $length = $temp['length'];
                     // end-of-content octets - see paragraph 8.1.5
                     if (substr($content, $content_pos + $length, 2) == "\0\0") {
diff --git a/tests/Unit/File/ASN1Test.php b/tests/Unit/File/ASN1Test.php
index fe0e01b4..2708b858 100644
--- a/tests/Unit/File/ASN1Test.php
+++ b/tests/Unit/File/ASN1Test.php
@@ -289,4 +289,14 @@ class Unit_File_ASN1Test extends PhpseclibTestCase
         $this->assertInternalType('array', $decoded);
         $this->assertCount(0, $decoded[0]['content']);
     }
+
+    /**
+     * @group github1027
+     */
+    public function testInfiniteLoop()
+    {
+        $asn1 = new File_ASN1();
+        $data = base64_decode('MD6gJQYKKwYBBAGCNxQCA6AXDBVvZmZpY2VAY2VydGRpZ2l0YWwucm+BFW9mZmljZUBjZXJ0ZGlnaXRhbC5ybw==');
+        $asn1->decodeBER($data);
+    }
 }