giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

pgp: don't write beyond oid object 

fixes Stack-buffer-overflow
https://oss-fuzz.com/testcase-detail/6329203163398144
This commit is contained in:
Frank Morgner 2019-12-18 14:55:46 +01:00
parent af42a93874
commit 333c41c5d5
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/libopensc/card-openpgp.c
View File

@ -721,7 +721,7 @@ pgp_parse_algo_attr_blob(const pgp_blob_t *blob, sc_cardctl_openpgp_keygen_info_
sc_init_oid(&oid);
/* Create copy of oid from blob */
for (j=0; j < (blob->len-1); j++) {
for (j=0; j < (blob->len-1) && j < SC_MAX_OBJECT_ID_OCTETS; j++) {
oid.value[j] = blob->data[j+1]; /* ignore first byte of blob (algo ID) */
}