From 906108bb691a35828cc4e09fcba904d08c24d458 Mon Sep 17 00:00:00 2001
From: Frank Morgner <frankmorgner@gmail.com>
Date: Thu, 20 Feb 2020 10:46:23 +0100
Subject: [PATCH] dnie: fixed length checking of uncompressed data

fixes https://oss-fuzz.com/testcase-detail/5632848910614528
---
 src/libopensc/card-dnie.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/libopensc/card-dnie.c b/src/libopensc/card-dnie.c
index 110b3a83..164ae15c 100644
--- a/src/libopensc/card-dnie.c
+++ b/src/libopensc/card-dnie.c
@@ -944,16 +944,15 @@ static u8 *dnie_uncompress(sc_card_t * card, u8 * from, size_t *len)
 		sc_log(card->ctx, "alloc() for uncompressed buffer failed");
 		return NULL;
 	}
+	*len = uncompressed;
 	res = sc_decompress(upt,	/* try to uncompress by calling sc_xx routine */
-			    (size_t *) & uncompressed,
+			    len,
 			    from + 8, (size_t) compressed, COMPRESSION_ZLIB);
-	/* TODO: check that returned uncompressed size matches expected */
 	if (res != SC_SUCCESS) {
 		sc_log(card->ctx, "Uncompress() failed or data not compressed");
 		goto compress_exit;	/* assume not need uncompression */
 	}
 	/* Done; update buffer len and return pt to uncompressed data */
-	*len = uncompressed;
 	sc_log_hex(card->ctx, "Compressed data", from + 8, compressed);
 	sc_log_hex(card->ctx, "Uncompressed data", upt, uncompressed);
  compress_exit: