piv: Avoid insane allocations in fuzzer
This commit is contained in:
parent
544d576b00
commit
459e4ecc37
|
@ -55,6 +55,8 @@
|
||||||
#endif
|
#endif
|
||||||
#include "simpletlv.h"
|
#include "simpletlv.h"
|
||||||
|
|
||||||
|
#define PIV_MAX_FILE_SIZE 65535
|
||||||
|
|
||||||
enum {
|
enum {
|
||||||
PIV_OBJ_CCC = 0,
|
PIV_OBJ_CCC = 0,
|
||||||
PIV_OBJ_CHUI,
|
PIV_OBJ_CHUI,
|
||||||
|
@ -960,6 +962,9 @@ piv_get_data(sc_card_t * card, int enumtag, u8 **buf, size_t *buf_len)
|
||||||
"buffer for #%d *buf=0x%p len=%"SC_FORMAT_LEN_SIZE_T"u",
|
"buffer for #%d *buf=0x%p len=%"SC_FORMAT_LEN_SIZE_T"u",
|
||||||
enumtag, *buf, *buf_len);
|
enumtag, *buf, *buf_len);
|
||||||
if (*buf == NULL && *buf_len > 0) {
|
if (*buf == NULL && *buf_len > 0) {
|
||||||
|
if (*buf_len > PIV_MAX_FILE_SIZE) {
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
*buf = malloc(*buf_len);
|
*buf = malloc(*buf_len);
|
||||||
if (*buf == NULL ) {
|
if (*buf == NULL ) {
|
||||||
r = SC_ERROR_OUT_OF_MEMORY;
|
r = SC_ERROR_OUT_OF_MEMORY;
|
||||||
|
|
Loading…
Reference in New Issue