From ef3e2239173cd8ab9714171f122aed24eb93b577 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mon, 11 Nov 2019 13:54:26 +0100
Subject: [PATCH] coolkey: Do not interpret empty answers as success

Thanks to oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18868
---
 src/libopensc/card-coolkey.c | 38 +++++++++++++++++++++---------------
 1 file changed, 22 insertions(+), 16 deletions(-)

diff --git a/src/libopensc/card-coolkey.c b/src/libopensc/card-coolkey.c
index 0ba7f7d7..53da0abc 100644
--- a/src/libopensc/card-coolkey.c
+++ b/src/libopensc/card-coolkey.c
@@ -1052,30 +1052,36 @@ coolkey_get_life_cycle(sc_card_t *card, coolkey_life_cycle_t *life_cycle)
 {
 	coolkey_status_t status;
 	u8 *receive_buf;
-	size_t len;
-	int r;
+	size_t receive_len;
+	int len;
 
-	len = sizeof(*life_cycle);
+	receive_len = sizeof(*life_cycle);
 	receive_buf = (u8 *)life_cycle;
-	r = coolkey_apdu_io(card, COOLKEY_CLASS, COOLKEY_INS_GET_LIFE_CYCLE, 0, 0,
-			NULL, 0, &receive_buf, &len, NULL, 0);
-	if (r == sizeof(*life_cycle)) {
+	len = coolkey_apdu_io(card, COOLKEY_CLASS, COOLKEY_INS_GET_LIFE_CYCLE, 0, 0,
+			NULL, 0, &receive_buf, &receive_len, NULL, 0);
+	if (len == sizeof(*life_cycle)) {
 		return SC_SUCCESS;
 	}
 
-	len = 1;
+	receive_len = 1;
 	receive_buf = &life_cycle->life_cycle;
-	r = coolkey_apdu_io(card, COOLKEY_CLASS, COOLKEY_INS_GET_LIFE_CYCLE, 0, 0,
-			NULL, 0, &receive_buf, &len, NULL, 0);
-	if (r < 0) {
-		return r;
+	len = coolkey_apdu_io(card, COOLKEY_CLASS, COOLKEY_INS_GET_LIFE_CYCLE, 0, 0,
+			NULL, 0, &receive_buf, &receive_len, NULL, 0);
+	if (len < 0) { /* Error from the trasmittion */
+		return len;
 	}
-	len = sizeof(status);
+	if (len != 1) { /* The returned data is invalid */
+		return SC_ERROR_INTERNAL;
+	}
+	receive_len = sizeof(status);
 	receive_buf = (u8 *)&status;
-	r = coolkey_apdu_io(card, COOLKEY_CLASS, COOLKEY_INS_GET_STATUS, 0, 0,
-			NULL, 0, &receive_buf, &len, NULL, 0);
-	if (r < 0) {
-		return r;
+	len = coolkey_apdu_io(card, COOLKEY_CLASS, COOLKEY_INS_GET_STATUS, 0, 0,
+			NULL, 0, &receive_buf, &receive_len, NULL, 0);
+	if (len < 0) { /* Error from the trasmittion */
+		return len;
+	}
+	if (len != sizeof(status)) { /* The returned data is invalid */
+		return SC_ERROR_INTERNAL;
 	}
 	life_cycle->protocol_version_major = status.protocol_version_major;
 	life_cycle->protocol_version_minor = status.protocol_version_minor;