Skip to content

Commit

Permalink
tcos: Check bounds in insert_pin()
Browse files Browse the repository at this point in the history 
Thanks oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383
  • Loading branch information
@Jakuje @frankmorgner
Jakuje authored and frankmorgner committed Dec 9, 2020
1 parent 6954455 commit 5df913b
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions src/libopensc/pkcs15-tcos.c
View file
Expand Up @@ -242,13 +242,13 @@ static int insert_pin(
"Searching for PIN-Ref %02X\n", pin_reference);
while ((r = sc_read_record(card, ++rec_no, buf, sizeof(buf), SC_RECORD_BY_REC_NR)) > 0) {
int found = 0, fbz = -1;
if (buf[0] != 0xA0)
if (r < 2 || buf[0] != 0xA0)
continue;
for (i = 2; i < buf[1] + 2; i += 2 + buf[i + 1]) {
for (i = 2; i < buf[1] + 2 && (i + 2) < r; i += 2 + buf[i + 1]) {
if (buf[i] == 0x83 && buf[i + 1] == 1 && buf[i + 2] == pin_reference) {
++found;
}
if (buf[i] == 0x90) {
if (buf[i] == 0x90 && (i + 1 + buf[i + 1]) < r) {
fbz = buf[i + 1 + buf[i + 1]];
}
}
Expand Down

0 comments on commit 5df913b

Please sign in to comment.