From 88c47c0afd0e8bb062793452d8ad6a499183da7b Mon Sep 17 00:00:00 2001
From: dishmaker <141624503+dishmaker@users.noreply.github.com>
Date: Fri, 22 Aug 2025 12:59:32 +0200
Subject: [PATCH 1/2] der: add `read_nested` tests for `SetOf` and `SequenceOf`

---
 der/src/asn1/sequence_of.rs | 23 ++++++++++++++++++++++-
 der/src/asn1/set_of.rs      | 21 ++++++++++++++++++++-
 der/src/reader/slice.rs     | 22 ++++++++++++++++++++++
 3 files changed, 64 insertions(+), 2 deletions(-)

diff --git a/der/src/asn1/sequence_of.rs b/der/src/asn1/sequence_of.rs
index 5929d6e7d..5a331980b 100644
--- a/der/src/asn1/sequence_of.rs
+++ b/der/src/asn1/sequence_of.rs
@@ -245,7 +245,11 @@ where
 #[cfg(test)]
 mod tests {
     use crate::asn1::SequenceOf;
-    use crate::ord::DerOrd;
+    use crate::{DerOrd, Length, Decode, ErrorKind};
+
+
+    use hex_literal::hex;
+
 
     #[test]
     fn sequenceof_valueord_value_cmp() {
@@ -265,4 +269,21 @@ mod tests {
         };
         assert_eq!(arr1.der_cmp(&arr2), Ok(Ordering::Greater));
     }
+
+    #[test]
+    fn sequenceof_data_too_short() {
+        let invalid_data = &hex!(
+            "3002" // SEQUENCE tag and length (shorter than actual data)
+                "0201" // INTEGER tag and length
+                    "05"
+        );
+        let err = SequenceOf::<u16, 5>::from_der(invalid_data).unwrap_err();
+        assert_eq!(
+            ErrorKind::Incomplete {
+                expected_len: Length::new(5),
+                actual_len: Length::new(4)
+            },
+            err.kind()
+        );
+    }
 }
diff --git a/der/src/asn1/set_of.rs b/der/src/asn1/set_of.rs
index b1452c4f8..cd22b1721 100644
--- a/der/src/asn1/set_of.rs
+++ b/der/src/asn1/set_of.rs
@@ -478,7 +478,9 @@ mod tests {
     use super::SetOf;
     #[cfg(feature = "alloc")]
     use super::SetOfVec;
-    use crate::{DerOrd, ErrorKind};
+    use crate::{Decode, DerOrd, ErrorKind, Length};
+
+    use hex_literal::hex;
 
     #[test]
     fn setof_tryfrom_array() {
@@ -505,6 +507,23 @@ mod tests {
         assert_eq!(set1.der_cmp(&set2), Ok(Ordering::Greater));
     }
 
+    #[test]
+    fn setof_data_too_short() {
+        let invalid_data = &hex!(
+            "3102" // SET tag and length (shorter than actual data)
+                "0201" // INTEGER tag and length
+                    "04"
+        );
+        let err = SetOf::<u16, 5>::from_der(invalid_data).unwrap_err();
+        assert_eq!(
+            ErrorKind::Incomplete {
+                expected_len: Length::new(5),
+                actual_len: Length::new(4)
+            },
+            err.kind()
+        );
+    }
+
     #[cfg(feature = "alloc")]
     #[test]
     fn setofvec_tryfrom_array() {
diff --git a/der/src/reader/slice.rs b/der/src/reader/slice.rs
index 115155eac..e70aaa5d4 100644
--- a/der/src/reader/slice.rs
+++ b/der/src/reader/slice.rs
@@ -222,4 +222,26 @@ mod tests {
             err.kind()
         );
     }
+
+    #[test]
+    fn read_nested_trailing_data() {
+        let len: Length = Length::new_usize(EXAMPLE_MSG.len()).expect("usize to be valid length");
+        let mut reader = SliceReader::new(EXAMPLE_MSG).expect("SliceReader to be created");
+
+        let nested_err: crate::Error = reader
+            .read_nested(len, |rdr| {
+                let x = i8::decode(rdr)?;
+                assert_eq!(42i8, x);
+                Ok(())
+            })
+            .unwrap_err();
+
+        assert_eq!(
+            ErrorKind::TrailingData {
+                decoded: 3u8.into(),
+                remaining: 1u8.into(),
+            },
+            nested_err.kind()
+        );
+    }
 }

From 8ff143370c70785bffe02a09ce0b89c91ebbd552 Mon Sep 17 00:00:00 2001
From: dishmaker <141624503+dishmaker@users.noreply.github.com>
Date: Fri, 22 Aug 2025 13:04:58 +0200
Subject: [PATCH 2/2] der: cargo clippy

---
 der/src/asn1/sequence_of.rs | 7 +++----
 der/src/asn1/set_of.rs      | 3 ++-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/der/src/asn1/sequence_of.rs b/der/src/asn1/sequence_of.rs
index 5a331980b..04aa7587b 100644
--- a/der/src/asn1/sequence_of.rs
+++ b/der/src/asn1/sequence_of.rs
@@ -245,12 +245,10 @@ where
 #[cfg(test)]
 mod tests {
     use crate::asn1::SequenceOf;
-    use crate::{DerOrd, Length, Decode, ErrorKind};
-
+    use crate::{Decode, DerOrd, ErrorKind, Length};
 
     use hex_literal::hex;
 
-
     #[test]
     fn sequenceof_valueord_value_cmp() {
         use core::cmp::Ordering;
@@ -277,7 +275,8 @@ mod tests {
                 "0201" // INTEGER tag and length
                     "05"
         );
-        let err = SequenceOf::<u16, 5>::from_der(invalid_data).unwrap_err();
+        let err = SequenceOf::<u16, 5>::from_der(invalid_data)
+            .expect_err("read_nested should narrow down the data slice");
         assert_eq!(
             ErrorKind::Incomplete {
                 expected_len: Length::new(5),
diff --git a/der/src/asn1/set_of.rs b/der/src/asn1/set_of.rs
index cd22b1721..c850380e8 100644
--- a/der/src/asn1/set_of.rs
+++ b/der/src/asn1/set_of.rs
@@ -514,7 +514,8 @@ mod tests {
                 "0201" // INTEGER tag and length
                     "04"
         );
-        let err = SetOf::<u16, 5>::from_der(invalid_data).unwrap_err();
+        let err = SetOf::<u16, 5>::from_der(invalid_data)
+            .expect_err("read_nested should narrow down the data slice");
         assert_eq!(
             ErrorKind::Incomplete {
                 expected_len: Length::new(5),