itacns: fixed length checking

fixes https://oss-fuzz.com/testcase-detail/5116660103774208
2020-09-25 11:19:31 +02:00 · 2020-09-25 11:19:31 +02:00 · 3ebfb01a3c
parent 7296210224
commit 3ebfb01a3c
1 changed files with 5 additions and 6 deletions
--- a/src/libopensc/pkcs15-itacns.c
+++ b/src/libopensc/pkcs15-itacns.c
@ -455,17 +455,16 @@ static int get_name_from_EF_DatiPersonali(unsigned char *EFdata,

 	for(f=0; f<f_first_name+1; f++) {
 		int field_size;
+
 		/* Don't read beyond the allocated buffer */
-		if(i > file_size)
+		if(i+2 > file_size)
 			return -1;
-
 		field_size = hextoint((char*) &file[i], 2);
-		if((field_size < 0) || (field_size+i > file_size))
-			return -1;
-
 		i += 2;

-		if(field_size >= (int)sizeof(fields[f].value))
+		if (field_size < 0
+				|| i + field_size > file_size
+				|| field_size >= (int)sizeof(fields[f].value))
 			return -1;

 		fields[f].len = field_size;