prevent out of bounds write
fixes https://oss-fuzz.com/testcase-detail/5226571123392512
This commit is contained in:
parent
55fd3db2b5
commit
9d294de90d
|
@ -623,6 +623,8 @@ static int tcos_decipher(sc_card_t *card, const u8 * crgram, size_t crgram_len,
|
||||||
apdu.data = sbuf;
|
apdu.data = sbuf;
|
||||||
apdu.lc = apdu.datalen = crgram_len+1;
|
apdu.lc = apdu.datalen = crgram_len+1;
|
||||||
sbuf[0] = tcos3 ? 0x00 : ((data->pad_flags & SC_ALGORITHM_RSA_PAD_PKCS1) ? 0x81 : 0x02);
|
sbuf[0] = tcos3 ? 0x00 : ((data->pad_flags & SC_ALGORITHM_RSA_PAD_PKCS1) ? 0x81 : 0x02);
|
||||||
|
if (sizeof sbuf - 1 < crgram_len)
|
||||||
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
memcpy(sbuf+1, crgram, crgram_len);
|
memcpy(sbuf+1, crgram, crgram_len);
|
||||||
|
|
||||||
r = sc_transmit_apdu(card, &apdu);
|
r = sc_transmit_apdu(card, &apdu);
|
||||||
|
|
Loading…
Reference in New Issue