asn1_decode_entry() allocates (objlen - 1) bytes for SC_ASN1_UTF8STRING
types with the SC_ASN1_ALLOC flag, then calls sc_asn1_decode_utf8string(), which fails with BUFFER TOO SMALL because it wants to terminate the string with an extra NUL byte. The allocation size was supposed to be objlen + 1. Patch by Gürer Özen git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3225 c6295689-39f2-0310-b995-f0e70906c6a9
parent
b757ff1719
commit
d59917cd21
@ -1054,15 +1054,18 @@ static int asn1_decode_entry(sc_context_t *ctx,struct sc_asn1_entry *entry,
|
|||||||
assert(len != NULL);
|
assert(len != NULL);
|
||||||
if (entry->flags & SC_ASN1_ALLOC) {
|
if (entry->flags & SC_ASN1_ALLOC) {
|
||||||
u8 **buf = (u8 **) parm;
|
u8 **buf = (u8 **) parm;
|
||||||
*buf = (u8 *) malloc(objlen-1);
|
*buf = (u8 *) malloc(objlen+1);
|
||||||
if (*buf == NULL) {
|
if (*buf == NULL) {
|
||||||
r = SC_ERROR_OUT_OF_MEMORY;
|
r = SC_ERROR_OUT_OF_MEMORY;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
*len = objlen-1;
|
*len = objlen+1;
|
||||||
parm = *buf;
|
parm = *buf;
|
||||||
}
|
}
|
||||||
r = sc_asn1_decode_utf8string(obj, objlen, (u8 *) parm, len);
|
r = sc_asn1_decode_utf8string(obj, objlen, (u8 *) parm, len);
|
||||||
|
if (entry->flags & SC_ASN1_ALLOC) {
|
||||||
|
*len -= 1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case SC_ASN1_PATH:
|
case SC_ASN1_PATH:
|
||||||
|
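Review bot: The added `*len -= 1;` after the call to sc_asn1_decode_utf8string() runs whether or not the decode succeeded, and nothing in the code says why the buffer is one byte larger than the length reported to the caller. I would guard it with the result, `if (r >= 0 && (entry->flags & SC_ASN1_ALLOC))`, and put a comment above the `malloc(objlen+1)` line such as `/* one extra byte: sc_asn1_decode_utf8string() appends a terminating NUL */` so the allocation and the decoder's size check stay in step. Since objlen presumably comes from card-supplied ASN.1, it is also worth confirming that `objlen+1` cannot wrap before it reaches malloc(). On an error return the freshly allocated `*buf` is left set here; whether it is released happens outside this hunk, as asn1_decode_entry() starts and ends outside it.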