replace static buffer with dynamically allocated buffer.
patch by Tomasz Lemiech to fix a problem with setec cards. git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2983 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
7dd7df4e7c
commit
6287cf4d9b
|
@ -486,7 +486,7 @@ void sc_pkcs15_card_clear(sc_pkcs15_card_t *p15card)
|
||||||
|
|
||||||
static int sc_pkcs15_bind_internal(sc_pkcs15_card_t *p15card)
|
static int sc_pkcs15_bind_internal(sc_pkcs15_card_t *p15card)
|
||||||
{
|
{
|
||||||
unsigned char buf[SC_MAX_APDU_BUFFER_SIZE];
|
unsigned char *buf;
|
||||||
int err, ok = 0;
|
int err, ok = 0;
|
||||||
size_t len;
|
size_t len;
|
||||||
sc_path_t tmppath;
|
sc_path_t tmppath;
|
||||||
|
@ -566,10 +566,13 @@ static int sc_pkcs15_bind_internal(sc_pkcs15_card_t *p15card)
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* XXX: fix buffer overflow. Silently truncate ODF if it
|
if ((len = p15card->file_odf->size) == 0) {
|
||||||
* is too large. --okir */
|
sc_error(card->ctx, "EF(ODF) is empty\n");
|
||||||
if ((len = p15card->file_odf->size) > sizeof(buf))
|
goto end;
|
||||||
len = sizeof(buf);
|
}
|
||||||
|
buf = malloc(len);
|
||||||
|
if(buf == NULL)
|
||||||
|
return SC_ERROR_OUT_OF_MEMORY;
|
||||||
err = sc_read_binary(card, 0, buf, len, 0);
|
err = sc_read_binary(card, 0, buf, len, 0);
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
goto end;
|
goto end;
|
||||||
|
@ -583,6 +586,7 @@ static int sc_pkcs15_bind_internal(sc_pkcs15_card_t *p15card)
|
||||||
sc_error(card->ctx, "Unable to parse ODF\n");
|
sc_error(card->ctx, "Unable to parse ODF\n");
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
free(buf);
|
||||||
|
|
||||||
if (card->ctx->debug) {
|
if (card->ctx->debug) {
|
||||||
sc_pkcs15_df_t *df;
|
sc_pkcs15_df_t *df;
|
||||||
|
@ -613,8 +617,13 @@ static int sc_pkcs15_bind_internal(sc_pkcs15_card_t *p15card)
|
||||||
if (err)
|
if (err)
|
||||||
goto end;
|
goto end;
|
||||||
|
|
||||||
if ((len = p15card->file_tokeninfo->size) > sizeof(buf))
|
if ((len = p15card->file_tokeninfo->size) == 0) {
|
||||||
len = sizeof(buf);
|
sc_error(card->ctx, "EF(TokenInfo) is empty\n");
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
buf = malloc(len);
|
||||||
|
if(buf == NULL)
|
||||||
|
return SC_ERROR_OUT_OF_MEMORY;
|
||||||
err = sc_read_binary(card, 0, buf, len, 0);
|
err = sc_read_binary(card, 0, buf, len, 0);
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
goto end;
|
goto end;
|
||||||
|
@ -637,6 +646,8 @@ static int sc_pkcs15_bind_internal(sc_pkcs15_card_t *p15card)
|
||||||
|
|
||||||
ok = 1;
|
ok = 1;
|
||||||
end:
|
end:
|
||||||
|
if(buf != NULL)
|
||||||
|
free(buf);
|
||||||
if (!ok) {
|
if (!ok) {
|
||||||
sc_pkcs15_card_clear(p15card);
|
sc_pkcs15_card_clear(p15card);
|
||||||
return err;
|
return err;
|
||||||
|
|
Loading…
Reference in New Issue