tcos: Check bounds in insert_pin()
Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383
This commit is contained in:
parent
69544553c3
commit
5df913b7f5
@ -242,13 +242,13 @@ static int insert_pin(
|
||||
"Searching for PIN-Ref %02X\n", pin_reference);
|
||||
while ((r = sc_read_record(card, ++rec_no, buf, sizeof(buf), SC_RECORD_BY_REC_NR)) > 0) {
|
||||
int found = 0, fbz = -1;
|
||||
if (buf[0] != 0xA0)
|
||||
if (r < 2 || buf[0] != 0xA0)
|
||||
continue;
|
||||
for (i = 2; i < buf[1] + 2; i += 2 + buf[i + 1]) {
|
||||
for (i = 2; i < buf[1] + 2 && (i + 2) < r; i += 2 + buf[i + 1]) {
|
||||
if (buf[i] == 0x83 && buf[i + 1] == 1 && buf[i + 2] == pin_reference) {
|
||||
++found;
|
||||
}
|
||||
if (buf[i] == 0x90) {
|
||||
if (buf[i] == 0x90 && (i + 1 + buf[i + 1]) < r) {
|
||||
fbz = buf[i + 1 + buf[i + 1]];
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user