asn1_decode_entry() allocates (objlen - 1) bytes for SC_ASN1_UTF8STRING
types with the SC_ASN1_ALLOC flag, then calls sc_asn1_decode_utf8string(),
which fails with BUFFER TOO SMALL because it wants to end the string with
an extra NUL terminator.

allocation size was supposed to be objlen + 1.

Patch by Gürer Özen


git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3225 c6295689-39f2-0310-b995-f0e70906c6a9
aj 2007-07-20 12:30:59 +00:00
parent b757ff1719
commit d59917cd21


@ -1054,15 +1054,18 @@ static int asn1_decode_entry(sc_context_t *ctx,struct sc_asn1_entry *entry,
assert(len != NULL);
if (entry->flags & SC_ASN1_ALLOC) {
u8 **buf = (u8 **) parm;
*buf = (u8 *) malloc(objlen-1);
*buf = (u8 *) malloc(objlen+1);
if (*buf == NULL) {
r = SC_ERROR_OUT_OF_MEMORY;
break;
}
*len = objlen-1;
*len = objlen+1;
parm = *buf;
}
r = sc_asn1_decode_utf8string(obj, objlen, (u8 *) parm, len);
if (entry->flags & SC_ASN1_ALLOC) {
*len -= 1;
}
}
break;
case SC_ASN1_PATH:
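Review bot: The new `*len -= 1;` after the sc_asn1_decode_utf8string() call runs whether or not the decode succeeded, so on an error path the caller can be handed a length that does not describe the buffer. It also relies on the decoder reporting a length that includes the terminator, which is not visible in this hunk. Gating it on the result would make that explicit, e.g. `if (r >= 0 && (entry->flags & SC_ASN1_ALLOC)) *len -= 1;` (assuming negative values are errors here, as SC_ERROR_OUT_OF_MEMORY suggests), with a comment such as `/* +1 is room for the NUL the decoder appends; the reported length excludes it */`. Since objlen comes from parsed ASN.1 data, it is also worth confirming that `objlen+1` cannot wrap before it reaches malloc(), and that a failed decode does not leave the freshly allocated `*buf` unreleased. asn1_decode_entry() begins and ends outside this hunk, so both may already be handled there.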