Unchecked length can cause memory allocation error.

[AgeManning]

When de-serializing bytes, an arbitrary length of the value can be specified. When building data_buf here:
https://github.com/KizzyCode/asn1_der/blob/master/src/der/value.rs#L17
This can lead to memory crashes for arbitrary large length values. Perhaps an upper bound is required to prevent crashing applications when de serializing arbitrary byte arrays.

This can be reproduced in the following example:

use asn1_der::{Asn1Der, FromDerObject};

#[derive(Asn1Der)]
struct Test {
    inner: String,
}

fn main() {
    let bytes = [
        157, 247, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 67, 157, 1, 0,
        0, 0, 157, 157, 157, 157, 157, 157, 157, 157,
    ];
    let _ = Test::deserialize(bytes.iter());
}

[KizzyCode]

Damn, you're right; thank you!

I think the best solution for now would be to avoid any explicit preallocation and push the bytes to the vector (since vector allocates in steps this shouldn't be relevant performance degradation):

// Create buffer and fill it with `len` bytes
let mut data_buf = Vec::new();
for _ in 0..len.into() {
    data_buf.push(*source.next().ok_or(Asn1DerError::LengthMismatch)?);
}
Ok(data_buf.into())

[KizzyCode]

So, 0.6.2 is published; old versions have been yanked. Thank you very much for the issue 😊