coverity-scan: supplement to #710
This commit is contained in:
parent
1329597e33
commit
bd84e18f45
|
@ -47,7 +47,7 @@ ctbcs_build_perform_verification_apdu(sc_apdu_t *apdu, struct sc_pin_cmd_data *d
|
||||||
{
|
{
|
||||||
const char *prompt;
|
const char *prompt;
|
||||||
size_t buflen, count = 0, j = 0, len;
|
size_t buflen, count = 0, j = 0, len;
|
||||||
static u8 buf[256];
|
static u8 buf[SC_MAX_APDU_BUFFER_SIZE];
|
||||||
u8 control;
|
u8 control;
|
||||||
|
|
||||||
ctbcs_init_apdu(apdu,
|
ctbcs_init_apdu(apdu,
|
||||||
|
@ -71,7 +71,7 @@ ctbcs_build_perform_verification_apdu(sc_apdu_t *apdu, struct sc_pin_cmd_data *d
|
||||||
/* card apdu must be last in packet */
|
/* card apdu must be last in packet */
|
||||||
if (!data->apdu)
|
if (!data->apdu)
|
||||||
return SC_ERROR_INTERNAL;
|
return SC_ERROR_INTERNAL;
|
||||||
if (count + 8 > buflen)
|
if (count + 12 > buflen)
|
||||||
return SC_ERROR_BUFFER_TOO_SMALL;
|
return SC_ERROR_BUFFER_TOO_SMALL;
|
||||||
|
|
||||||
j = count;
|
j = count;
|
||||||
|
@ -95,14 +95,13 @@ ctbcs_build_perform_verification_apdu(sc_apdu_t *apdu, struct sc_pin_cmd_data *d
|
||||||
|
|
||||||
if (data->flags & SC_PIN_CMD_NEED_PADDING) {
|
if (data->flags & SC_PIN_CMD_NEED_PADDING) {
|
||||||
len = data->pin1.pad_length;
|
len = data->pin1.pad_length;
|
||||||
if (1 + j + 1 + len > buflen || len > 256)
|
if (2 + j + len > buflen)
|
||||||
return SC_ERROR_BUFFER_TOO_SMALL;
|
return SC_ERROR_BUFFER_TOO_SMALL;
|
||||||
buf[j++] = len;
|
buf[j++] = len;
|
||||||
memset(buf+j, data->pin1.pad_char, len);
|
memset(buf+j, data->pin1.pad_char, len);
|
||||||
j += len;
|
j += len;
|
||||||
}
|
}
|
||||||
if (count + 1 > buflen)
|
|
||||||
return SC_ERROR_BUFFER_TOO_SMALL;
|
|
||||||
buf[count+1] = j - count - 2;
|
buf[count+1] = j - count - 2;
|
||||||
count = j;
|
count = j;
|
||||||
|
|
||||||
|
@ -166,14 +165,13 @@ ctbcs_build_modify_verification_apdu(sc_apdu_t *apdu, struct sc_pin_cmd_data *da
|
||||||
|
|
||||||
if (data->flags & SC_PIN_CMD_NEED_PADDING) {
|
if (data->flags & SC_PIN_CMD_NEED_PADDING) {
|
||||||
len = data->pin1.pad_length + data->pin2.pad_length;
|
len = data->pin1.pad_length + data->pin2.pad_length;
|
||||||
if (1 + j + 1 + len > buflen || len > 256)
|
if (2 + j + len > buflen)
|
||||||
return SC_ERROR_BUFFER_TOO_SMALL;
|
return SC_ERROR_BUFFER_TOO_SMALL;
|
||||||
buf[j++] = len;
|
buf[j++] = len;
|
||||||
memset(buf+j, data->pin1.pad_char, len);
|
memset(buf+j, data->pin1.pad_char, len);
|
||||||
j += len;
|
j += len;
|
||||||
}
|
}
|
||||||
if (count > buflen)
|
|
||||||
return SC_ERROR_BUFFER_TOO_SMALL;
|
|
||||||
buf[count+1] = j - count - 2;
|
buf[count+1] = j - count - 2;
|
||||||
count = j;
|
count = j;
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue