--- file-5.33/src/der.c~	2018-06-17 13:03:38.680169477 +0200
+++ file-5.33/src/der.c	2018-06-17 13:03:42.128607756 +0200
@@ -199,7 +199,7 @@
 	for (i = 0; i < digits; i++)
 		len = (len << 8) | c[(*p)++];
 
-	if (*p + len >= l)
+	if (len > UINT32_MAX - *p || *p + len >= l)
 		return DER_BAD;
 	return CAST(uint32_t, len);
 }