cac1: Correctly handle the buffer limits
Jakuje authored and frankmorgner committed Nov 1, 2019
1 parent bfa8415 commit b75c002
Showing 1 changed file with 8 additions and 6 deletions.
14 changes: 8 additions & 6 deletions src/libopensc/card-cac1.c
Expand Up @@ -69,17 +69,16 @@ static int cac_cac1_get_certificate(sc_card_t *card, u8 **out_buf, size_t *out_l
u8 *out_ptr;
size_t size = 0;
size_t left = 0;
size_t len, next_len;
size_t len;
sc_apdu_t apdu;
int r = SC_SUCCESS;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
/* get the size */
size = left = *out_buf ? *out_len : sizeof(buf);
out_ptr = *out_buf ? *out_buf : buf;
sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, CAC_INS_GET_CERTIFICATE, 0, 0 );
next_len = MIN(left, 100);
for (; left > 0; left -= len, out_ptr += len) {
len = next_len;
len = MIN(left, 100);
for (; left > 0;) { /* Increments for readability in the end of the function */
apdu.resp = out_ptr;
apdu.le = len;
apdu.resplen = left;
Expand All @@ -98,7 +97,10 @@ static int cac_cac1_get_certificate(sc_card_t *card, u8 **out_buf, size_t *out_l
left -= len;
break;
}
next_len = MIN(left, apdu.sw2);
/* Adjust the lengths */
left -= len;
out_ptr += len;
len = MIN(left, apdu.sw2);
}
if (r < 0) {
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r);
Expand Down Expand Up @@ -128,7 +130,7 @@ static int cac_read_binary(sc_card_t *card, unsigned int idx,
int r = 0;
u8 *val = NULL;
u8 *cert_ptr;
size_t val_len;
size_t val_len = 0;
size_t len, cert_len;
u8 cert_type;
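Review bot: In the second hunk the cursor advances by the requested length (`left -= len; out_ptr += len;`) rather than by the number of bytes the card actually returned, so a response shorter than `apdu.le` would leave a gap of unwritten bytes inside the certificate buffer, and a longer one (the receive limit is `apdu.resplen = left`, not `len`) would be partly overwritten by the next chunk. Assuming sc_transmit_apdu() updates `apdu.resplen` to the received byte count, `left -= apdu.resplen; out_ptr += apdu.resplen;` would keep the data contiguous and the remaining-space bound exact; the `left -= len;` before the `break` has the same shape. The middle of the loop and the rest of cac_cac1_get_certificate lie outside the hunks shown, so a length check there may already cover this and is worth confirming. Separately, the comment on the `for` line says "end of the function" where the end of the loop body is meant, and `while (left > 0)` would read more plainly than `for (; left > 0;)`.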
