fixed Heap-buffer-overflow READ

7cf8087351 seemed to be incomplete. Check
the length of the buffer right before it's accessed.

fixes https://oss-fuzz.com/testcase-detail/5734055866531840
Frank Morgner 2020-07-30 02:26:25 +02:00
parent 6903aebfdd
commit 978c912c70
1 changed files with 10 additions and 2 deletions


@ -184,13 +184,21 @@ static int asepcos_parse_sec_attr(sc_card_t *card, sc_file_t *file, const u8 *bu
if (r != SC_SUCCESS)
return r;
tlen += 2;
} else if (p[3] == 0xA0 && p[4] > 0 && len >= 4U + p[4]) {
} else if (p[3] == 0xA0 && len >= 4U + p[4]) {
if (len < 6) {
sc_log(card->ctx, "invalid access mode encoding");
return SC_ERROR_INTERNAL;
}
/* TODO: support OR expressions */
int r = set_sec_attr(file, amode, p[5], SC_AC_CHV);
if (r != SC_SUCCESS)
return r;
tlen += 2 + p[4]; /* FIXME */
} else if (p[3] == 0xAF && p[4] > 0 && len >= 4U + p[4]) {
} else if (p[3] == 0xAF && len >= 4U + p[4]) {
if (len < 6) {
sc_log(card->ctx, "invalid access mode encoding");
return SC_ERROR_INTERNAL;
}
/* TODO: support AND expressions */
int r = set_sec_attr(file, amode, p[5], SC_AC_CHV);
if (r != SC_SUCCESS)
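Review bot: The `len < 6` guard added in the 0xA0 and 0xAF branches bounds the read of `p[5]`, but it is a fixed constant that is not tied to the declared length in `p[4]`. Reading the second line of each paired `else if` as the new side (the page has lost its +/- markers), `p[4] > 0` is no longer required, so an element that declares a zero-length value still has `p[5]` handed to `set_sec_attr` as the CHV reference. If `len` counts the bytes available from `p[0]` (the loop and the use of `tlen` are outside this hunk), `len >= 4U + p[4]` is also one byte short of the element that `tlen += 2 + p[4]` then skips. A single condition such as `} else if (p[3] == 0xA0 && p[4] > 0 && len >= 5U + p[4]) {`, and the same for 0xAF, would cover both cases and make the inner check unnecessary.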