- len = LDAP_MAX_ATTR_LEN;
- if ( ber_scanf( *ber, "{x{{sx}", ld->ld_attrbuffer, &len )
- == LBER_ERROR ) {
+ tag = ber_scanf( ber, "{xl{" /*}}*/, &len );
+ if( tag == LBER_ERROR ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ ber_free( ber, 0 );
+ return NULL;
+ }
+
+ /* set the length to avoid overrun */
+ rc = ber_set_option( ber, LBER_OPT_REMAINING_BYTES, &len );
+ if( rc != LBER_OPT_SUCCESS ) {
+ ld->ld_errno = LDAP_LOCAL_ERROR;
+ ber_free( ber, 0 );
+ return NULL;
+ }
+
+ if ( ber_pvt_ber_remaining( ber ) == 0 ) {
+ assert( len == 0 );
+ ber_free( ber, 0 );
+ return NULL;
+ }
+ assert( len != 0 );
+
+ /* snatch the first attribute */
+ tag = ber_scanf( ber, "{ax}", &attr );
+ if( tag == LBER_ERROR ) {