From 07038225a74a738f1916e882d97a45ac4b344c13 Mon Sep 17 00:00:00 2001 From: Frank Morgner Date: Thu, 17 Sep 2015 21:14:49 +0200 Subject: [PATCH] Fixes out of bounds read --- src/libopensc/pkcs15-gemsafeV1.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/libopensc/pkcs15-gemsafeV1.c b/src/libopensc/pkcs15-gemsafeV1.c index b757b116..43858f13 100644 --- a/src/libopensc/pkcs15-gemsafeV1.c +++ b/src/libopensc/pkcs15-gemsafeV1.c @@ -256,6 +256,8 @@ static int gemsafe_get_cert_len(sc_card_t *card) return SC_SUCCESS; } /* DER cert len is encoded this way */ + if (ind+3 >= sizeof ibuf) + return SC_ERROR_INVALID_DATA; certlen = ((((size_t) ibuf[ind+2]) << 8) | ibuf[ind+3]) + 4; sc_log(card->ctx, "Found certificate of key container %d at offset %d, len %d", i+1, ind, certlen); gemsafe_cert[i].index = ind;