From ca2a9324858b6b5a87fde8ce8a5fb2365c85db35 Mon Sep 17 00:00:00 2001
From: Kees Monshouwer <mind04@monshouwer.org>
Date: Thu, 22 Jun 2017 13:21:54 +0200
Subject: [PATCH] fix multiple leading zeros padding in ECDSA sig conversion

---
 .../verisignlabs/dnssec/security/SignUtils.java    | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/com/verisignlabs/dnssec/security/SignUtils.java b/src/com/verisignlabs/dnssec/security/SignUtils.java
index 5ef1923..35be19d 100644
--- a/src/com/verisignlabs/dnssec/security/SignUtils.java
+++ b/src/com/verisignlabs/dnssec/security/SignUtils.java
@@ -527,18 +527,18 @@ public class SignUtils
     len = (byte) (6 + r_src_len + s_src_len);
 
     // leading zeroes are forbidden
-    if (signature[r_src_pos] == 0) {
-       r_src_pos++; r_src_len--; len--;
+    while (signature[r_src_pos] == 0 && r_src_len > 0) {
+      r_src_pos++; r_src_len--; len--;
     }
-    if (signature[s_src_pos] == 0) {
-       s_src_pos++; s_src_len--; len--;
+    while (signature[s_src_pos] == 0 && s_src_len > 0) {
+      s_src_pos++; s_src_len--; len--;
     }
 
     // except when they are mandatory
-    if (signature[r_src_pos] < 0) {
-        r_pad = 1; len++;
+    if (r_src_len > 0 && signature[r_src_pos] < 0) {
+      r_pad = 1; len++;
     }
-    if (signature[s_src_pos] < 0) {
+    if (s_src_len > 0 && signature[s_src_pos] < 0) {
       s_pad = 1; len++;
     }
     byte[] sig = new byte[len];