cac: Avoid OOB reads for inconsistent TLV structures

Jakub Jelen 2018-07-09 14:13:41 +02:00
parent 50b000047c
commit 79c0dbaa4e
1 changed files with 8 additions and 1 deletions


@ -1555,8 +1555,15 @@ static int cac_parse_CCC(sc_card_t *card, cac_private_data_t *priv, u8 *tl,
for (; (tl < tl_end) && (val< val_end); val += len) {
/* get the tag and the length */
u8 tag;
if (sc_simpletlv_read_tag(&tl, tl_end - tl, &tag, &len) != SC_SUCCESS)
r = sc_simpletlv_read_tag(&tl, tl_end - tl, &tag, &len);
if (r != SC_SUCCESS && r != SC_ERROR_TLV_END_OF_CONTENTS) {
sc_log(card->ctx, "Failed to parse tag from buffer");
break;
}
if (val + len > val_end) {
sc_log(card->ctx, "Invalid length %"SC_FORMAT_LEN_SIZE_T"u", len);
break;
}
switch (tag) {
case CAC_TAG_CUID:
sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE,"TAG:CUID");
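Review bot: The added bounds check `if (val + len > val_end) {` computes `val + len` before comparing, and `len` comes from the card's TLV data; forming a pointer beyond one past the end of the value buffer is undefined behaviour, so the compiler may not preserve the check as written. Because the loop condition already guarantees `val < val_end`, the comparison can be done on lengths instead: `if (len > (size_t)(val_end - val)) {`. The tag read now also accepts `SC_ERROR_TLV_END_OF_CONTENTS`, which leaves this length check as the only guard on that path; it presumably relies on `sc_simpletlv_read_tag` still filling `tag` and `len` for that return code, which is worth confirming and stating in a comment such as `/* END_OF_CONTENTS: tag/len are valid, value bounds are checked below */`. Including `r` in the "Failed to parse tag from buffer" log line would also help when diagnosing malformed cards. cac_parse_CCC starts and ends outside the hunk.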