piv: Avoid insane allocations in fuzzer

2019-10-16 18:11:13 +02:00 · 2019-10-16 18:11:13 +02:00 · 459e4ecc37
parent 544d576b00
commit 459e4ecc37
1 changed files with 5 additions and 0 deletions
--- a/src/libopensc/card-piv.c
+++ b/src/libopensc/card-piv.c
@ -55,6 +55,8 @@
 #endif
 #include "simpletlv.h"

+#define PIV_MAX_FILE_SIZE 65535
+
 enum {
 	PIV_OBJ_CCC = 0,
 	PIV_OBJ_CHUI,
@ -960,6 +962,9 @@ piv_get_data(sc_card_t * card, int enumtag, u8 **buf, size_t *buf_len)
 	       "buffer for #%d *buf=0x%p len=%"SC_FORMAT_LEN_SIZE_T"u",
 	       enumtag, *buf, *buf_len);
 	if (*buf == NULL && *buf_len > 0) {
+		if (*buf_len > PIV_MAX_FILE_SIZE) {
+			goto err;
+		}
 		*buf = malloc(*buf_len);
 		if (*buf == NULL ) {
 			r = SC_ERROR_OUT_OF_MEMORY;