From 12c6b11bddb9e555a8ee9ccd5789cdd2307925c2 Mon Sep 17 00:00:00 2001
From: henryk <henryk@c6295689-39f2-0310-b995-f0e70906c6a9>
Date: Tue, 26 Sep 2006 10:43:28 +0000
Subject: [PATCH] Fix handling for SIMPLE-TLV records with a three-byte length

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3027 c6295689-39f2-0310-b995-f0e70906c6a9
---
 src/libopensc/pkcs15.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/src/libopensc/pkcs15.c b/src/libopensc/pkcs15.c
index b5371a98..4e16a4f1 100644
--- a/src/libopensc/pkcs15.c
+++ b/src/libopensc/pkcs15.c
@@ -1622,7 +1622,7 @@ int sc_pkcs15_read_file(struct sc_pkcs15_card *p15card,
 		} else if (file->ef_structure == SC_FILE_EF_LINEAR_VARIABLE_TLV)
 		{
 			int i;
-			size_t l;
+			size_t l, record_len;
 			unsigned char *head;
 
 			head = data;
@@ -1639,10 +1639,19 @@ int sc_pkcs15_read_file(struct sc_pkcs15_card *p15card,
 					free(data);
 					goto fail_unlock;
 				}
-				if (r <= 2)
+				if (r < 2)
 					break;
-				memmove(head,head+2,r-2);
-				head += (r-2);
+				record_len = head[1];
+				if (record_len != 0xff) {
+					memmove(head,head+2,r-2);
+					head += (r-2);
+				} else {
+					if (r < 4)
+						break;
+					record_len = head[2] * 256 + head[3];
+					memmove(head,head+4,r-4);
+					head += (r-4);
+				}
 			}
 			len = head-data;
 			r = len;