Fix memory error in asn1_get_bitstring_null()

When *len is 0, **p would be read, which is out of bounds.

library/asn1parse.c

@@ -220,7 +220,7 @@ int asn1_get_bitstring_null( unsigned char **p, const unsigned char *end,
     if( ( ret = asn1_get_tag( p, end, len, ASN1_BIT_STRING ) ) != 0 )
         return( ret );
 
-    if( --*len < 1 || *(*p)++ != 0 )
+    if( (*len)-- < 2 || *(*p)++ != 0 )
         return( POLARSSL_ERR_ASN1_INVALID_DATA );
 
     return( 0 );

tests/suites/test_suite_x509parse.data

@@ -520,7 +520,7 @@ X509 Certificate ASN1 (TBSCertificate, pubkey, no bitstring)
 x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101010500":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_OUT_OF_DATA
 
 X509 Certificate ASN1 (TBSCertificate, pubkey, no bitstring data)
-x509parse_crt:"30693067a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000300":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"30693067a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000300":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_INVALID_DATA
 
 X509 Certificate ASN1 (TBSCertificate, pubkey, invalid bitstring start)
 x509parse_crt:"306a3068a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743012300d06092A864886F70D0101010500030101":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_INVALID_DATA