Make sure card's strings are Nul terminated
Avoids out-of-bounds reads when using internal operations with the given string
parent
d953998aa3
commit
d4f1decd15
|
@ -65,12 +65,13 @@ parse_dir_record(sc_card_t *card, u8 ** buf, size_t *buflen, int rec_nr)
|
||||||
sc_app_info_t *app = NULL;
|
sc_app_info_t *app = NULL;
|
||||||
struct sc_aid aid;
|
struct sc_aid aid;
|
||||||
u8 label[128], path[128], ddo[128];
|
u8 label[128], path[128], ddo[128];
|
||||||
size_t label_len = sizeof(label), path_len = sizeof(path), ddo_len = sizeof(ddo);
|
size_t label_len = sizeof(label) - 1, path_len = sizeof(path), ddo_len = sizeof(ddo);
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
LOG_FUNC_CALLED(ctx);
|
LOG_FUNC_CALLED(ctx);
|
||||||
aid.len = sizeof(aid.value);
|
aid.len = sizeof(aid.value);
|
||||||
|
|
||||||
|
memset(label, 0, sizeof(label));
|
||||||
sc_copy_asn1_entry(c_asn1_dirrecord, asn1_dirrecord);
|
sc_copy_asn1_entry(c_asn1_dirrecord, asn1_dirrecord);
|
||||||
sc_copy_asn1_entry(c_asn1_dir, asn1_dir);
|
sc_copy_asn1_entry(c_asn1_dir, asn1_dir);
|
||||||
sc_format_asn1_entry(asn1_dir + 0, asn1_dirrecord, NULL, 0);
|
sc_format_asn1_entry(asn1_dir + 0, asn1_dirrecord, NULL, 0);
|
||||||
|
|
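Review bot: The NUL termination of `label` in parse_dir_record depends on two lines staying in step, `label_len = sizeof(label) - 1` in the declarations and `memset(label, 0, sizeof(label))` a few lines below, and nothing in the code says why the byte is reserved. A comment at the declaration such as `/* one byte reserved so label stays NUL terminated */` would keep a later clean-up from restoring `sizeof(label)`, or the buffer could be zeroed where it is declared with `u8 label[128] = {0}, path[128], ddo[128];` so the memset cannot be dropped on its own. The same pairing appears in the sc_pkcs15_decode_dodf_entry and sc_pkcs15_parse_tokeninfo hunks. The guarantee also assumes the ASN.1 decoder treats `label_len` as a hard capacity, which is not visible here; the function body starts and ends outside the hunk.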
|
@ -100,9 +100,11 @@ int sc_pkcs15_decode_dodf_entry(struct sc_pkcs15_card *p15card,
|
||||||
asn1_data[2];
|
asn1_data[2];
|
||||||
struct sc_asn1_pkcs15_object data_obj = { obj, asn1_com_data_attr, NULL,
|
struct sc_asn1_pkcs15_object data_obj = { obj, asn1_com_data_attr, NULL,
|
||||||
asn1_type_data_attr };
|
asn1_type_data_attr };
|
||||||
size_t label_len = sizeof(info.app_label);
|
size_t label_len = sizeof(info.app_label) - 1;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
|
memset(info.app_label, 0, sizeof(info.app_label));
|
||||||
|
|
||||||
sc_copy_asn1_entry(c_asn1_com_data_attr, asn1_com_data_attr);
|
sc_copy_asn1_entry(c_asn1_com_data_attr, asn1_com_data_attr);
|
||||||
sc_copy_asn1_entry(c_asn1_type_data_attr, asn1_type_data_attr);
|
sc_copy_asn1_entry(c_asn1_type_data_attr, asn1_type_data_attr);
|
||||||
sc_copy_asn1_entry(c_asn1_data, asn1_data);
|
sc_copy_asn1_entry(c_asn1_data, asn1_data);
|
||||||
|
|
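Review bot: Only `info.app_label` is cleared by the added `memset(info.app_label, 0, sizeof(info.app_label))`; the declaration of `info` and any other initialisation of it lie outside this hunk, so it cannot be confirmed here that the remaining fields are set before the struct is used. If nothing else zeroes it, `memset(&info, 0, sizeof(info));` at the same spot would cover the label and the rest in one call. sc_pkcs15_decode_dodf_entry starts and ends outside the hunk.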
|
@ -131,9 +131,9 @@ int sc_pkcs15_parse_tokeninfo(sc_context_t *ctx,
|
||||||
u8 serial[128];
|
u8 serial[128];
|
||||||
size_t serial_len = sizeof(serial);
|
size_t serial_len = sizeof(serial);
|
||||||
u8 mnfid[SC_PKCS15_MAX_LABEL_SIZE];
|
u8 mnfid[SC_PKCS15_MAX_LABEL_SIZE];
|
||||||
size_t mnfid_len = sizeof(mnfid);
|
size_t mnfid_len = sizeof(mnfid) - 1;
|
||||||
u8 label[SC_PKCS15_MAX_LABEL_SIZE];
|
u8 label[SC_PKCS15_MAX_LABEL_SIZE];
|
||||||
size_t label_len = sizeof(label);
|
size_t label_len = sizeof(label) - 1;
|
||||||
u8 last_update[32], profile_indication[SC_PKCS15_MAX_LABEL_SIZE];
|
u8 last_update[32], profile_indication[SC_PKCS15_MAX_LABEL_SIZE];
|
||||||
size_t lupdate_len = sizeof(last_update) - 1, pi_len = sizeof(profile_indication) - 1;
|
size_t lupdate_len = sizeof(last_update) - 1, pi_len = sizeof(profile_indication) - 1;
|
||||||
size_t flags_len = sizeof(ti->flags);
|
size_t flags_len = sizeof(ti->flags);
|
||||||
|
@ -153,6 +153,10 @@ int sc_pkcs15_parse_tokeninfo(sc_context_t *ctx,
|
||||||
struct sc_asn1_entry asn1_toki_attrs[C_ASN1_TOKI_ATTRS_SIZE], asn1_tokeninfo[3], asn1_twlabel[3];
|
struct sc_asn1_entry asn1_toki_attrs[C_ASN1_TOKI_ATTRS_SIZE], asn1_tokeninfo[3], asn1_twlabel[3];
|
||||||
|
|
||||||
memset(last_update, 0, sizeof(last_update));
|
memset(last_update, 0, sizeof(last_update));
|
||||||
|
memset(label, 0, sizeof(label));
|
||||||
|
memset(profile_indication, 0, sizeof(profile_indication));
|
||||||
|
memset(mnfid, 0, sizeof(mnfid));
|
||||||
|
|
||||||
sc_copy_asn1_entry(c_asn1_twlabel, asn1_twlabel);
|
sc_copy_asn1_entry(c_asn1_twlabel, asn1_twlabel);
|
||||||
sc_copy_asn1_entry(c_asn1_toki_attrs, asn1_toki_attrs);
|
sc_copy_asn1_entry(c_asn1_toki_attrs, asn1_toki_attrs);
|
||||||
sc_copy_asn1_entry(c_asn1_tokeninfo, asn1_tokeninfo);
|
sc_copy_asn1_entry(c_asn1_tokeninfo, asn1_tokeninfo);
|
||||||
|
|
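Review bot: `serial_len` is still `sizeof(serial)` and `serial` gets no memset, while `mnfid`, `label`, `last_update` and `profile_indication` each reserve one byte and are zeroed. If `serial` is only ever handled as raw bytes together with `serial_len` later in sc_pkcs15_parse_tokeninfo (not visible in these hunks) that is correct, but a short comment at its declaration, e.g. `/* raw bytes, always used with serial_len; not a C string */`, would record why it is excluded. The length reservations sit in the first hunk and the matching memsets in the second, some twenty lines apart, so a comment next to the memset group stating that each zeroed buffer has its length capped at `sizeof - 1` would help keep the two in sync. The function continues outside both hunks.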