tcos: Avoid reading behind the end of allocated buffer

Thanks oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27480
Jakub Jelen 2020-11-16 12:18:47 +01:00 committed by Frank Morgner
parent d3451faa21
commit b5b1afe401
1 changed files with 1 additions and 1 deletions


@ -141,7 +141,7 @@ static int insert_key(
int found = 0;
if (buf[0] != 0xA0)
continue;
for (i = 2; i < buf[1] + 2; i += 2 + buf[i + 1]) {
for (i = 2; i < buf[1] + 2 && i < r - 2; i += 2 + buf[i + 1]) {
if (buf[i] == 0x83 && buf[i + 1] == 1 && buf[i + 2] == key_reference)
++found;
}
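Review bot: The reads of `buf[0]` in the check above the loop and of `buf[1]` in the loop condition are still evaluated without confirming that the record holds at least two bytes; the added `i < r - 2` bound only covers `buf[i]`, `buf[i + 1]` and `buf[i + 2]` inside the loop. The code that sets `r` is outside the hunk, so whether a 0- or 1-byte read can reach this point is not visible here. If it can, those two bytes come from whatever was in the buffer before, and a guard such as `if (r < 2 || buf[0] != 0xA0) continue;` would make the length assumption explicit. It is also worth confirming that `r` and `i` are signed, since with an unsigned `r` the expression `r - 2` wraps on a short read and the new bound stops protecting anything. A short comment on the loop, for example `/* need tag, length and one value byte inside the r bytes read */`, would document why the bound is `r - 2`.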