Hi, I've dug a little further to the previously reported issue, and it seems there is an issue in asn1_find_node() if someone provides in calls like asn1_read_value() a name which contains more than 65 characters between two dots.
That however I'd expect to be a very uncommon usage of libtasn1, which is typically something like: asn1_read_value(node, "tbsResponseData.responderID.byKey", data, &len); That is the name is provided as a constant from the developer and these names cannot be more than 64-variables in the '.asn' files parsed by libtasn1. I do not believe that the library can even cope with malicious input to that field as can be underlined by the bug. There will be a release in the following days including that fix, however, I'd appreciate a second pair of eyes on that issue and fix. The issue was fixed in: https://gitlab.com/gnutls/libtasn1/commit/55207 04d075802df25ce4ffccc010ba1641bd484 Two test cases were introduced at: https://gitlab.com/gnutls/libtasn1/commit/e43badf76307e1484fb257f271ff9a4f59258c7e https://gitlab.com/gnutls/libtasn1/commit/1273c97343c2070a28cfa1f1dd55599ca87106e2 regards, Nikos
