giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

ctbcs.c: fixed out of bounds write

This commit is contained in:
Frank Morgner 2015-11-01 11:33:40 +01:00
parent a649d66b02
commit 98d7578113
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/libopensc/ctbcs.c
View File

@ -95,7 +95,7 @@ ctbcs_build_perform_verification_apdu(sc_apdu_t *apdu, struct sc_pin_cmd_data *d
if (data->flags & SC_PIN_CMD_NEED_PADDING) {
len = data->pin1.pad_length;
if (1 + j + len > buflen || len > 256)
if (1 + j + 1 + len > buflen || len > 256)
return SC_ERROR_BUFFER_TOO_SMALL;
buf[j++] = len;
memset(buf+j, data->pin1.pad_char, len);
@ -170,7 +170,7 @@ ctbcs_build_modify_verification_apdu(sc_apdu_t *apdu, struct sc_pin_cmd_data *da
if (data->flags & SC_PIN_CMD_NEED_PADDING) {
len = data->pin1.pad_length + data->pin2.pad_length;
if (1 + j + len > buflen || len > 256)
if (1 + j + 1 + len > buflen || len > 256)
return SC_ERROR_BUFFER_TOO_SMALL;
buf[j++] = len;
memset(buf+j, data->pin1.pad_char, len);