giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

tcos: Prevent buffer underflow 

Thanks oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22995
This commit is contained in:
Jakub Jelen 2020-06-04 10:54:39 +02:00 committed by Frank Morgner
parent d141b35596
commit fa719b301f
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/libopensc/card-tcos.c
View File

@ -559,11 +559,14 @@ static int tcos_compute_signature(sc_card_t *card, const u8 * data, size_t datal
memcpy(sbuf, data, datalen);
dlen=datalen;
} else {
size_t keylen= tcos3 ? 256 : 128;
size_t keylen = tcos3 ? 256 : 128;
if (datalen > keylen) {
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS);
}
sc_format_apdu(card, &apdu, keylen>255 ? SC_APDU_CASE_4_EXT : SC_APDU_CASE_4_SHORT, 0x2A,0x80,0x86);
for(i=0; i<sizeof(sbuf);++i) sbuf[i]=0xff;
if (keylen < datalen)
return SC_ERROR_INVALID_ARGUMENTS;
sbuf[0]=0x02; sbuf[1]=0x00; sbuf[2]=0x01; sbuf[keylen-datalen]=0x00;
memcpy(sbuf+keylen-datalen+1, data, datalen);
dlen=keylen+1;