it is legal to read all bytes of the file (e.g. offset 0, len 10, fil->len 10).
Bug found by Antonio Iacono. git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1758 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
73d0922741
commit
0b8ff3ce6a
@ -1218,7 +1218,7 @@ int sc_pkcs15_read_file(struct sc_pkcs15_card *p15card,
|
||||
len = path->count;
|
||||
/* Make sure we're within proper bounds */
|
||||
if (offset >= file->size
|
||||
|| offset + len >= file->size) {
|
||||
|| offset + len > file->size) {
|
||||
r = SC_ERROR_INVALID_ASN1_OBJECT;
|
||||
goto fail_unlock;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user