diff -urN strongswan-2.8.9/programs/pluto/asn1.c strongswan-2.8.9_asn1_rdn/programs/pluto/asn1.c
--- strongswan-2.8.9/programs/pluto/asn1.c	2006-01-04 22:00:43.000000000 +0100
+++ strongswan-2.8.9_asn1_rdn/programs/pluto/asn1.c	2009-06-18 23:45:32.000000000 +0200
@@ -189,6 +189,13 @@
 	len = 256*len + *blob->ptr++;
 	blob->len--;
     }
+    if (len > blob->len)
+    {
+	DBG(DBG_PARSING,
+	    DBG_log("length is larger than remaining blob size")
+	)
+	return ASN1_INVALID_LENGTH;
+    }
     return len;
 }
 
@@ -585,7 +592,7 @@
 
     blob1->len = asn1_length(blob);
 
-    if (blob1->len == ASN1_INVALID_LENGTH || blob->len < blob1->len)
+    if (blob1->len == ASN1_INVALID_LENGTH)
     {
 	DBG(DBG_PARSING,
 	    DBG_log("L%d - %s:  length of ASN.1 object invalid or too large",