avoid out of bounds read
This commit is contained in:
parent
03c5280626
commit
6184c1fbab
|
@ -898,7 +898,7 @@ static int piv_read_obj_from_file(sc_card_t * card, char * filename,
|
|||
goto err;
|
||||
}
|
||||
memcpy(*buf, tagbuf, len); /* copy first or only part */
|
||||
if (rbuflen > len) {
|
||||
if (rbuflen > len + sizeof(tagbuf)) {
|
||||
len = read(f, *buf + sizeof(tagbuf), rbuflen - sizeof(tagbuf)); /* read rest */
|
||||
if (len != rbuflen - sizeof(tagbuf)) {
|
||||
r = SC_ERROR_INVALID_ASN1_OBJECT;
|
||||
|
|
|
@ -617,6 +617,8 @@ int msc_extract_rsa_public_key(sc_card_t *card,
|
|||
if(!*modulus) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY);
|
||||
memcpy(*modulus, buffer, *modLength);
|
||||
*expLength = (buffer[*modLength] << 8) | buffer[*modLength + 1];
|
||||
if (*expLength > sizeof buffer)
|
||||
return SC_ERROR_OUT_OF_MEMORY;
|
||||
r = msc_read_object(card, inputId, fileLocation, buffer, *expLength);
|
||||
if(r < 0) {
|
||||
free(*modulus); *modulus = NULL;
|
||||
|
|
Loading…
Reference in New Issue