tcos: Check bounds in insert_pin()
Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383
This commit is contained in:
parent
69544553c3
commit
5df913b7f5
|
@ -242,13 +242,13 @@ static int insert_pin(
|
||||||
"Searching for PIN-Ref %02X\n", pin_reference);
|
"Searching for PIN-Ref %02X\n", pin_reference);
|
||||||
while ((r = sc_read_record(card, ++rec_no, buf, sizeof(buf), SC_RECORD_BY_REC_NR)) > 0) {
|
while ((r = sc_read_record(card, ++rec_no, buf, sizeof(buf), SC_RECORD_BY_REC_NR)) > 0) {
|
||||||
int found = 0, fbz = -1;
|
int found = 0, fbz = -1;
|
||||||
if (buf[0] != 0xA0)
|
if (r < 2 || buf[0] != 0xA0)
|
||||||
continue;
|
continue;
|
||||||
for (i = 2; i < buf[1] + 2; i += 2 + buf[i + 1]) {
|
for (i = 2; i < buf[1] + 2 && (i + 2) < r; i += 2 + buf[i + 1]) {
|
||||||
if (buf[i] == 0x83 && buf[i + 1] == 1 && buf[i + 2] == pin_reference) {
|
if (buf[i] == 0x83 && buf[i + 1] == 1 && buf[i + 2] == pin_reference) {
|
||||||
++found;
|
++found;
|
||||||
}
|
}
|
||||||
if (buf[i] == 0x90) {
|
if (buf[i] == 0x90 && (i + 1 + buf[i + 1]) < r) {
|
||||||
fbz = buf[i + 1 + buf[i + 1]];
|
fbz = buf[i + 1 + buf[i + 1]];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue