cac: Correctly avoid recursion (amends 09531d72)
Closes: #1920 Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19725
parent
dba0f56722
commit
c69add3b64
|
@ -1542,7 +1542,7 @@ static int cac_process_CCC(sc_card_t *card, cac_private_data_t *priv, int depth)
|
||||||
size_t tl_len, val_len;
|
size_t tl_len, val_len;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
if (depth < 0) {
|
if (depth > CAC_MAX_CCC_DEPTH) {
|
||||||
sc_log(card->ctx, "Too much recursive CCC found. Exiting");
|
sc_log(card->ctx, "Too much recursive CCC found. Exiting");
|
||||||
return SC_ERROR_INVALID_CARD;
|
return SC_ERROR_INVALID_CARD;
|
||||||
}
|
}
|
||||||
|
@ -1782,7 +1782,7 @@ static int cac_find_and_initialize(sc_card_t *card, int initialize)
|
||||||
priv = cac_new_private_data();
|
priv = cac_new_private_data();
|
||||||
if (!priv)
|
if (!priv)
|
||||||
return SC_ERROR_OUT_OF_MEMORY;
|
return SC_ERROR_OUT_OF_MEMORY;
|
||||||
r = cac_process_CCC(card, priv, CAC_MAX_CCC_DEPTH);
|
r = cac_process_CCC(card, priv, 0);
|
||||||
if (r == SC_SUCCESS) {
|
if (r == SC_SUCCESS) {
|
||||||
card->type = SC_CARD_TYPE_CAC_II;
|
card->type = SC_CARD_TYPE_CAC_II;
|
||||||
card->drv_data = priv;
|
card->drv_data = priv;
|
||||||
|
|
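Review bot: The depth convention of cac_process_CCC is flipped from counting down to counting up, but nothing at the guard `if (depth > CAC_MAX_CCC_DEPTH)` records which way it runs, and the recursive call that has to pass `depth + 1` lies outside the hunk, so it cannot be checked from this page. The CCC contents come from the card, and this bound is what keeps a malformed or hostile card from driving the parser into unbounded recursion, so I would add a comment above the check such as `/* depth = current nesting level, 0 at the top-level call from cac_find_and_initialize(); card-supplied CCC data must not recurse past CAC_MAX_CCC_DEPTH */`. Note also that `>` accepts depth == CAC_MAX_CCC_DEPTH, so up to CAC_MAX_CCC_DEPTH + 1 nested calls can run; if the constant is meant as the total number of levels, `>=` would be the tighter test. Both functions start and end outside the hunks shown.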