fixed memory corruption in encode_file_structure
as suggested by Peter Popovec
This commit is contained in:
parent
88ec461bc5
commit
30b24e79c0
|
@ -344,17 +344,20 @@ static int myeid_process_fci(struct sc_card *card, struct sc_file *file,
|
|||
}
|
||||
|
||||
static int encode_file_structure(sc_card_t *card, const sc_file_t *file,
|
||||
u8 *out, size_t *outlen)
|
||||
u8 *buf, size_t *outlen)
|
||||
{
|
||||
const sc_acl_entry_t *read, *update, *delete, *generate;
|
||||
u8 buf[42];
|
||||
size_t i;
|
||||
|
||||
LOG_FUNC_CALLED(card->ctx);
|
||||
|
||||
if (!buf || !outlen || *outlen < 45)
|
||||
LOG_FUNC_RETURN(card->ctx, SC_ERROR_INTERNAL);
|
||||
|
||||
/* PrivateKey
|
||||
* 0E0000019 6217 81020400 820111 83024B01 8603000000 85028000 8A0100 RESULT 6984
|
||||
* 6217 81020400 820111 83024B01 8603000000 85021000 8A0100 */
|
||||
memset(buf, 0x0, sizeof(buf));
|
||||
memset(buf, 0x0, *outlen);
|
||||
|
||||
buf[0] = 0x62;
|
||||
buf[1] = 0x17;
|
||||
|
@ -453,9 +456,9 @@ static int encode_file_structure(sc_card_t *card, const sc_file_t *file,
|
|||
buf[26] = (u8)file->namelen;
|
||||
|
||||
for(i=0;i < file->namelen;i++)
|
||||
buf[i + 26] = file->name[i];
|
||||
buf[i + 27] = file->name[i];
|
||||
|
||||
buf[1] = 0x19 + file->namelen + 2;
|
||||
buf[1] = 27 + file->namelen;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
|
@ -464,16 +467,15 @@ static int encode_file_structure(sc_card_t *card, const sc_file_t *file,
|
|||
}
|
||||
|
||||
*outlen = buf[1]+2;
|
||||
memcpy(out, buf, *outlen);
|
||||
|
||||
LOG_FUNC_RETURN(card->ctx, 0);
|
||||
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
|
||||
}
|
||||
|
||||
static int myeid_create_file(struct sc_card *card, struct sc_file *file)
|
||||
{
|
||||
sc_apdu_t apdu;
|
||||
u8 sbuf[32];
|
||||
size_t buflen;
|
||||
u8 sbuf[45];
|
||||
size_t buflen = sizeof sbuf;
|
||||
int r;
|
||||
|
||||
LOG_FUNC_CALLED(card->ctx);
|
||||
|
@ -808,7 +810,7 @@ static int
|
|||
myeid_convert_ec_signature(struct sc_context *ctx, size_t s_len, unsigned char *data, size_t datalen)
|
||||
{
|
||||
unsigned char *buf;
|
||||
size_t i, buflen;
|
||||
size_t buflen;
|
||||
int r;
|
||||
|
||||
assert(data && datalen);
|
||||
|
|
Loading…
Reference in New Issue