giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Make sure card's strings are Nul terminated 

Avoids out of bounds reads when using internal operations with the given string
This commit is contained in:
Frank Morgner 2019-03-03 15:52:57 +01:00
parent d953998aa3
commit d4f1decd15
3 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/libopensc/dir.c
View File

@ -65,12 +65,13 @@ parse_dir_record(sc_card_t *card, u8 ** buf, size_t *buflen, int rec_nr)
sc_app_info_t *app = NULL;
struct sc_aid aid;
u8 label[128], path[128], ddo[128];
size_t label_len = sizeof(label), path_len = sizeof(path), ddo_len = sizeof(ddo);
size_t label_len = sizeof(label) - 1, path_len = sizeof(path), ddo_len = sizeof(ddo);
int r;
LOG_FUNC_CALLED(ctx);
aid.len = sizeof(aid.value);
memset(label, 0, sizeof(label));
sc_copy_asn1_entry(c_asn1_dirrecord, asn1_dirrecord);
sc_copy_asn1_entry(c_asn1_dir, asn1_dir);
sc_format_asn1_entry(asn1_dir + 0, asn1_dirrecord, NULL, 0);

4
src/libopensc/pkcs15-data.c
View File

@ -100,9 +100,11 @@ int sc_pkcs15_decode_dodf_entry(struct sc_pkcs15_card *p15card,
asn1_data[2];
struct sc_asn1_pkcs15_object data_obj = { obj, asn1_com_data_attr, NULL,
asn1_type_data_attr };
size_t label_len = sizeof(info.app_label);
size_t label_len = sizeof(info.app_label) - 1;
int r;
memset(info.app_label, 0, sizeof(info.app_label));
sc_copy_asn1_entry(c_asn1_com_data_attr, asn1_com_data_attr);
sc_copy_asn1_entry(c_asn1_type_data_attr, asn1_type_data_attr);
sc_copy_asn1_entry(c_asn1_data, asn1_data);

8
src/libopensc/pkcs15.c
View File

@ -131,9 +131,9 @@ int sc_pkcs15_parse_tokeninfo(sc_context_t *ctx,
u8 serial[128];
size_t serial_len = sizeof(serial);
u8 mnfid[SC_PKCS15_MAX_LABEL_SIZE];
size_t mnfid_len = sizeof(mnfid);
size_t mnfid_len = sizeof(mnfid) - 1;
u8 label[SC_PKCS15_MAX_LABEL_SIZE];
size_t label_len = sizeof(label);
size_t label_len = sizeof(label) - 1;
u8 last_update[32], profile_indication[SC_PKCS15_MAX_LABEL_SIZE];
size_t lupdate_len = sizeof(last_update) - 1, pi_len = sizeof(profile_indication) - 1;
size_t flags_len = sizeof(ti->flags);
@ -153,6 +153,10 @@ int sc_pkcs15_parse_tokeninfo(sc_context_t *ctx,
struct sc_asn1_entry asn1_toki_attrs[C_ASN1_TOKI_ATTRS_SIZE], asn1_tokeninfo[3], asn1_twlabel[3];
memset(last_update, 0, sizeof(last_update));
memset(label, 0, sizeof(label));
memset(profile_indication, 0, sizeof(profile_indication));
memset(mnfid, 0, sizeof(mnfid));
sc_copy_asn1_entry(c_asn1_twlabel, asn1_twlabel);
sc_copy_asn1_entry(c_asn1_toki_attrs, asn1_toki_attrs);
sc_copy_asn1_entry(c_asn1_tokeninfo, asn1_tokeninfo);