prevent out of bounds read

fixes https://oss-fuzz.com/testcase-detail/5769298181357568
2020-06-05 08:31:19 +02:00 · 2020-06-05 08:31:19 +02:00 · 0f0e0b2e30
parent 9d294de90d
commit 0f0e0b2e30
1 changed files with 2 additions and 0 deletions
--- a/src/libopensc/card-tcos.c
+++ b/src/libopensc/card-tcos.c
@ -559,6 +559,8 @@ static int tcos_compute_signature(sc_card_t *card, const u8 * data, size_t datal
 		int keylen= tcos3 ? 256 : 128;
 		sc_format_apdu(card, &apdu, keylen>255 ? SC_APDU_CASE_4_EXT : SC_APDU_CASE_4_SHORT, 0x2A,0x80,0x86);
 		for(i=0; i<sizeof(sbuf);++i) sbuf[i]=0xff;
+		if (keylen < datalen)
+			return SC_ERROR_INVALID_ARGUMENTS;
 		sbuf[0]=0x02; sbuf[1]=0x00; sbuf[2]=0x01; sbuf[keylen-datalen]=0x00;
 		memcpy(sbuf+keylen-datalen+1, data, datalen);
 		dlen=keylen+1;