authentic: Avoid accessing behind buffers

Thanks oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26900
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26860
Jakub Jelen 2020-11-16 18:32:40 +01:00 committed by Frank Morgner
parent 445c651549
commit 65461e4eb5
1 changed files with 2 additions and 2 deletions


@ -672,12 +672,12 @@ authentic_reduce_path(struct sc_card *card, struct sc_path *path)
cur_path = card->cache.current_df->path;
if (!memcmp(cur_path.value, "\x3F\x00", 2) && memcmp(in_path.value, "\x3F\x00", 2)) {
memmove(in_path.value + 2, in_path.value, in_path.len);
memmove(in_path.value + 2, in_path.value, (in_path.len - 2));
memcpy(in_path.value, "\x3F\x00", 2);
in_path.len += 2;
}
for (offs=0; offs < in_path.len && offs < cur_path.len; offs += 2) {
for (offs = 0; (offs + 1) < in_path.len && (offs + 1) < cur_path.len; offs += 2) {
if (cur_path.value[offs] != in_path.value[offs])
break;
if (cur_path.value[offs + 1] != in_path.value[offs + 1])