cardos: Correctly calculate the left bytes to avoid buffer overrun

Thanks oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29912
Jakub Jelen 2021-02-04 13:11:01 +01:00 committed by Frank Morgner
parent 17d8980cde
commit 1252aca9f1
1 changed files with 4 additions and 4 deletions


@ -159,7 +159,7 @@ static int cardos_have_2048bit_package(sc_card_t *card)
sc_apdu_t apdu;
u8 rbuf[SC_MAX_APDU_BUFFER_SIZE];
int r;
const u8 *p = rbuf, *q;
const u8 *p = rbuf, *q, *pp;
size_t len, tlen = 0, ilen = 0;
sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xca, 0x01, 0x88);
@ -175,10 +175,10 @@ static int cardos_have_2048bit_package(sc_card_t *card)
return 0;
while (len != 0) {
p = sc_asn1_find_tag(card->ctx, p, len, 0xe1, &tlen);
if (p == NULL)
pp = sc_asn1_find_tag(card->ctx, p, len, 0xe1, &tlen);
if (pp == NULL)
return 0;
q = sc_asn1_find_tag(card->ctx, p, tlen, 0x01, &ilen);
q = sc_asn1_find_tag(card->ctx, pp, tlen, 0x01, &ilen);
if (q == NULL || ilen != 4)
return 0;
if (q[0] == 0x1c)
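Review bot: The remaining-byte bookkeeping that the commit title refers to is not visible in either hunk: the loop still runs on `while (len != 0)` with `len` a `size_t`, and the statements that advance `p` and shrink `len` lie past the end of the second hunk. Now that `pp` marks where the 0xe1 value starts while `p` stays at the scan position, that step should be derived from `pp`, for example `len -= (size_t)(pp - p) + tlen; p = pp + tlen;`. It should be preceded by a guard such as `if ((size_t)(pp - p) + tlen > len) return 0;`, so the unsigned subtraction cannot wrap and hand `sc_asn1_find_tag` a length that reaches beyond `rbuf`. If the step is still a fixed header-size adjustment, a multi-byte tag or length encoding in the card response would presumably desynchronise `p` and `len`; this is worth confirming against the rest of the function. A short comment above the loop stating that `p`/`len` track the unparsed tail of `rbuf` and `pp`/`tlen` the current 0xe1 value would make the invariant checkable.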