--- Convert-BER-XS/XS.xs	2019/04/20 16:12:53	1.18
+++ Convert-BER-XS/XS.xs	2019/04/20 16:34:34	1.19
@@ -265,6 +265,20 @@
     }
 }
 
+// get_w, but disallow padding
+static UV
+get_w_nopad (void)
+{
+  U8 first = get_u8 ();
+
+  if (first == 0x80)
+    error ("illegal BER padding");
+
+  --cur;
+
+  return get_w ();
+}
+
 static UV
 get_length (void)
 {
@@ -380,7 +394,7 @@
     }
 
   U8 *end = cur + len;
-  UV w = get_w ();
+  UV w = get_w_nopad ();
 
   static char oid[MAX_OID_STRLEN]; // static, becaueds too large for stack
   char *app = oid;
@@ -406,7 +420,7 @@
       if (oid + sizeof (oid) - app < 64)
         croak ("BER_TYPE_OID to long to decode");
 
-      w = get_w ();
+      w = get_w_nopad ();
       *app++ = '.';
       app = write_uv (app, w);
     }