giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

tcos: Check bounds in insert_pin() 

Thanks oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383
This commit is contained in:
Jakub Jelen 2020-12-08 14:37:39 +01:00 committed by Frank Morgner
parent 69544553c3
commit 5df913b7f5
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/libopensc/pkcs15-tcos.c
View File

@ -242,13 +242,13 @@ static int insert_pin(
"Searching for PIN-Ref %02X\n", pin_reference);
while ((r = sc_read_record(card, ++rec_no, buf, sizeof(buf), SC_RECORD_BY_REC_NR)) > 0) {
int found = 0, fbz = -1;
if (buf[0] != 0xA0)
if (r < 2 || buf[0] != 0xA0)
continue;
for (i = 2; i < buf[1] + 2; i += 2 + buf[i + 1]) {
for (i = 2; i < buf[1] + 2 && (i + 2) < r; i += 2 + buf[i + 1]) {
if (buf[i] == 0x83 && buf[i + 1] == 1 && buf[i + 2] == pin_reference) {
++found;
}
if (buf[i] == 0x90) {
if (buf[i] == 0x90 && (i + 1 + buf[i + 1]) < r) {
fbz = buf[i + 1 + buf[i + 1]];
}
}