From 31c491504e12f2d2b65a6cb8850858532b38552b Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Tue, 18 Mar 2014 12:27:14 -0400
Subject: [PATCH] evtag: detect tags over 32-bits earlier

---
 event_tagging.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/event_tagging.c b/event_tagging.c
index 7edd3da5..aef33783 100644
--- a/event_tagging.c
+++ b/event_tagging.c
@@ -210,7 +210,14 @@ decode_tag_internal(ev_uint32_t *ptag, struct evbuffer *evbuf, int dodrain)
 
 	while (count++ < len) {
 		ev_uint8_t lower = *data++;
-		number |= (lower & 0x7f) << shift;
+		if (shift >= 28) {
+			/* Make sure it fits into 32 bits */
+			if (shift > 28)
+				return (-1);
+			if ((lower & 0x7f) > 15)
+				return (-1);
+		}
+		number |= (lower & (unsigned)0x7f) << shift;
 		shift += 7;
 
 		if (!(lower & 0x80)) {
-- 
2.50.1