From c69add3b640830e17d7bf7e7707880514d9a013f Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Mon, 2 Mar 2020 15:34:37 +0100
Subject: [PATCH] cac: Correctly avoid recursion (amends 09531d72)
Closes: #1920
Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19725
---
 src/libopensc/card-cac.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/libopensc/card-cac.c b/src/libopensc/card-cac.c
index 6970d0f4..b93d0fab 100644
--- a/src/libopensc/card-cac.c
+++ b/src/libopensc/card-cac.c
@@ -1542,7 +1542,7 @@ static int cac_process_CCC(sc_card_t *card, cac_private_data_t *priv, int depth)
 size_t tl_len, val_len;
 int r;
- if (depth < 0) {
+ if (depth > CAC_MAX_CCC_DEPTH) {
 sc_log(card->ctx, "Too much recursive CCC found. Exiting");
 return SC_ERROR_INVALID_CARD;
 }
@@ -1782,7 +1782,7 @@ static int cac_find_and_initialize(sc_card_t *card, int initialize)
 priv = cac_new_private_data();
 if (!priv)
 return SC_ERROR_OUT_OF_MEMORY;
- r = cac_process_CCC(card, priv, CAC_MAX_CCC_DEPTH);
+ r = cac_process_CCC(card, priv, 0);
 if (r == SC_SUCCESS) {
 card->type = SC_CARD_TYPE_CAC_II;
 card->drv_data = priv;
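Review bot: The new guard `if (depth > CAC_MAX_CCC_DEPTH)` in cac_process_CCC admits depths 0 through CAC_MAX_CCC_DEPTH inclusive, one more nested CCC than the constant's name suggests, and nothing in the hunk documents that depth now counts upward from the `0` passed in cac_find_and_initialize (second hunk). The CCC data is presumably card-supplied and this limit is what bounds the recursion against a malformed or hostile card, so I would state the contract above the check, e.g. `/* depth starts at 0 at the top-level call; every nested CCC must pass depth + 1 */`, and use `>=` if exactly CAC_MAX_CCC_DEPTH levels are intended. The recursive call sites lie outside both hunks, so confirm they increment rather than decrement depth; otherwise the guard is never reached, which appears to be the situation this commit amends. The bodies of both functions continue outside their hunks.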