From acd062e0dd73eba80bb84369de8a9f24e7a2d908 Mon Sep 17 00:00:00 2001
From: ep <ep@c6295689-39f2-0310-b995-f0e70906c6a9>
Date: Wed, 18 Aug 2010 13:42:16 +0000
Subject: [PATCH] Avert potential buffer overflows in pkcs15-itacns.c

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4632 c6295689-39f2-0310-b995-f0e70906c6a9
---
 src/libopensc/pkcs15-itacns.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/libopensc/pkcs15-itacns.c b/src/libopensc/pkcs15-itacns.c
index 100a6b5b..3e29a22a 100644
--- a/src/libopensc/pkcs15-itacns.c
+++ b/src/libopensc/pkcs15-itacns.c
@@ -536,8 +536,11 @@ static int itacns_add_keyset(sc_pkcs15_card_t *p15card,
 
 	/* PIN and PUK */
 	char pinlabel[16];
-	strncpy(pinlabel, "PIN ", sizeof(pinlabel));
-	strncat(pinlabel, label, sizeof(pinlabel));
+	{
+		const char PIN[] = "PIN ";
+		strcpy(pinlabel, PIN);
+		strncat(pinlabel, label, sizeof(pinlabel)-sizeof(PIN)-1);
+	}
 	/* We are making up ID 0x90+ to link the PIN and the PUK. */
 	int fake_puk_authid = 0x90 + pin_ref;
 	int pin_flags = SC_PKCS15_PIN_FLAG_CASE_SENSITIVE
@@ -547,9 +550,11 @@ static int itacns_add_keyset(sc_pkcs15_card_t *p15card,
 	    private_path, pin_flags);
 	SC_TEST_RET(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r,
 		"Could not add PIN");
-
-	strncpy(pinlabel, "PUK ", sizeof(pinlabel));
-	strncat(pinlabel, label, sizeof(pinlabel));
+	{
+		const char PUK[] = "PUK ";
+		strcpy(pinlabel, PUK);
+		strncat(pinlabel, label, sizeof(pinlabel)-sizeof(PUK)-1);
+	}
 	/*
 	 * Looking at pkcs15-tcos.c and pkcs15-framework.c, it seems that the
 	 * right thing to do here is to define a PUK as a SO PIN. Can anybody