From f39f2244bb5f4e9e7d2bc780917c87a827db040d Mon Sep 17 00:00:00 2001
From: okir <okir@c6295689-39f2-0310-b995-f0e70906c6a9>
Date: Wed, 6 Mar 2002 12:32:42 +0000
Subject: [PATCH] - SECURITY: Fixed buffer overflow

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@263 c6295689-39f2-0310-b995-f0e70906c6a9
---
 src/libopensc/pkcs15.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/libopensc/pkcs15.c b/src/libopensc/pkcs15.c
index a93780c6..ebf50ca9 100644
--- a/src/libopensc/pkcs15.c
+++ b/src/libopensc/pkcs15.c
@@ -536,7 +536,12 @@ int sc_pkcs15_bind(struct sc_card *card,
 	err = sc_select_file(card, &tmppath, &p15card->file_odf);
 	if (err) /* FIXME: finish writing error reporting stuff */
 		goto error;
-	err = sc_read_binary(card, 0, buf, p15card->file_odf->size, 0);
+
+	/* XXX: fix buffer overflow. Silently truncate ODF if it
+	 * is too large.  --okir */
+	if ((len = p15card->file_odf->size) > sizeof(buf))
+		len = sizeof(buf);
+	err = sc_read_binary(card, 0, buf, len, 0);
 	if (err < 0)
 		goto error;
 	if (err < 2) {