function "asn1_der_decoding" potentially causes infinite memory allocation

Description of problem:

function "asn1_der_decoding" causes infinite memory allocation when structure and input DER data are incongruent. I'm referring here to PKCS#15 TokenInfo from ASN.1 module e.g. at https://github.com/carblue/tasn1/blob/master/PKCS15.asn. Excerpt: TokenInfo ::= SEQUENCE { version INTEGER { v1(0), v2(1) }, -- (v1,...), serialNumber OCTET STRING, manufacturerID Label OPTIONAL, label [0] Label OPTIONAL, tokenflags TokenFlags, ...more fields

It happened, that my smart card's PKCS#15 EF.TokenInfo file 0x5032 got corrupted (i.e. not PKCS#15 compliant content any more: "tokenflags" were misplaced before "manufacturerID" instead correctly behind "label"), thus forming incrongruent input DER data.

Version of libtasn1 used:

4.13

Distributor of libtasn1 (e.g., Ubuntu, Fedora, RHEL)

Ubuntu (package libtasn1-6, installs Version 4.13-2)

How reproducible:

Steps to Reproduce: (the following is D language code, slightly different from C; there is no problem referring to D code as such, it works well with the "congruent buf DER input data"):

asn1_node PKCS15; string errorDescription; ubyte[] buf = new ubyte[length_of_input_data_in_bytes; 65 for my example DER input data];

    1. asn1_parser2tree ("PKCS15.asn", &PKCS15, errorDescription);
    1. asn1_create_element(PKCS15, "PKCS15.TokenInfoChoice", &structure);
    1. asn1_der_decoding(&structure, buf, errorDescription);

Example for congruent buf DER input data: 303F0201010406C0C6406881C70C1A416476616E63656420436172642053797374656D73204C74642E801243544D36345F43304336343036383831433703020420

Example for incongruent buf DER input data: 3032020101040400000000030204200C1A416476616E63656420436172642053797374656D73204C74642EA0070C05626162616E36343036383831433703020420

Actual results:

Memory allocation failed, because I "jailed" memory usage with ulimit -d -m -v : 5000000; otherwise it would crash my OS system by infinitely allocating memory !

Expected results:

Successful DER data decoding into structure based on the provided .asn module file