From 2327835416fe7307664906f0501f5cdabfb47ecb Mon Sep 17 00:00:00 2001
From: aj
Date: Wed, 26 Apr 2006 10:07:20 +0000
Subject: [PATCH] fix a memory leak. don't access buffer beyond length.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2912 c6295689-39f2-0310-b995-f0e70906c6a9
---
 src/libopensc/apdu.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/libopensc/apdu.c b/src/libopensc/apdu.c
index 7c562ff8..6d6e659a 100644
--- a/src/libopensc/apdu.c
+++ b/src/libopensc/apdu.c
@@ -202,8 +202,10 @@ int sc_apdu_get_octets(sc_context_t *ctx, const sc_apdu_t *apdu, u8 **buf,
 if (nbuf == NULL)
 return SC_ERROR_MEMORY_FAILURE;
 /* encode the APDU in the buffer */
- if (sc_apdu2bytes(ctx, apdu, proto, nbuf, nlen) != SC_SUCCESS)
+ if (sc_apdu2bytes(ctx, apdu, proto, nbuf, nlen) != SC_SUCCESS) {
+ free(nbuf);
 return SC_ERROR_INTERNAL;
+ }
 *buf = nbuf;
 *len = nlen;
@@ -224,11 +226,10 @@ int sc_apdu_set_resp(sc_context_t *ctx, sc_apdu_t *apdu, const u8 *buf,
 apdu->sw2 = (unsigned int)buf[len - 1];
 len -= 2;
 /* set output length and copy the returned data if necessary */
- if (len <= apdu->resplen)
+ if (apdu->resplen >= len) {
 apdu->resplen = len;
-
- if (apdu->resplen != 0)
 memcpy(apdu->resp, buf, apdu->resplen);
+ }
 return SC_SUCCESS;
 }
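Review bot: The new error branch in sc_apdu_get_octets releases nbuf without clearing it, and by that point sc_apdu2bytes may already have written part of the encoded command into it; for PIN-carrying commands that would leave secret bytes in freed heap memory. Consider wiping the buffer directly above `free(nbuf);` with a clear the compiler cannot elide, e.g. `sc_mem_clear(nbuf, nlen);` if that helper is available at this revision. The branch also replaces whatever sc_apdu2bytes returned with SC_ERROR_INTERNAL, so the specific cause is lost to the caller. The function starts and ends outside the hunk, so how nlen is computed is not visible here.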
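Review bot: In sc_apdu_set_resp the rewritten condition `if (apdu->resplen >= len) {` now skips both the length update and the copy when the card returns more data than the caller's buffer holds, yet the function still returns SC_SUCCESS with resplen unchanged, so a caller would read resplen bytes of apdu->resp that were never written. The removed code copied a truncated response in that case. Either restore that behaviour with `if (len < apdu->resplen) apdu->resplen = len;` followed by `if (apdu->resplen != 0) memcpy(apdu->resp, buf, apdu->resplen);`, or return an explicit error from an `else` branch. Dropping the `!= 0` guard also means memcpy is now called with a zero length when len is 0, which is undefined if apdu->resp is NULL. The function begins outside the hunk, so the check that len is at least 2 before `buf[len - 1]` and `len -= 2` cannot be confirmed from here.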