|
 |
ab1581 |
commit ed55fcd2996930bf58b9bb57e9ba7b1f3a753c43
|
|
|
ab1581 |
Author: Frank Morgner <frankmorgner@gmail.com>
|
|
|
ab1581 |
Date: Mon May 18 17:25:32 2020 +0200
|
|
|
ab1581 |
|
|
|
ab1581 |
fixed invalid read
|
|
|
ab1581 |
|
|
|
ab1581 |
fixes https://oss-fuzz.com/testcase-detail/5765246676631552
|
|
|
ab1581 |
|
|
|
ab1581 |
diff --git a/src/libopensc/pkcs15-gemsafeGPK.c b/src/libopensc/pkcs15-gemsafeGPK.c
|
|
|
ab1581 |
index e13f3b87..4b80daf2 100644
|
|
|
ab1581 |
--- a/src/libopensc/pkcs15-gemsafeGPK.c
|
|
|
ab1581 |
+++ b/src/libopensc/pkcs15-gemsafeGPK.c
|
|
|
ab1581 |
@@ -205,7 +205,7 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card)
|
|
|
ab1581 |
|
|
|
ab1581 |
u8 sysrec[7];
|
|
|
ab1581 |
int num_keyinfo = 0;
|
|
|
ab1581 |
- keyinfo kinfo[8]; /* will loook for 8 keys */
|
|
|
ab1581 |
+ keyinfo kinfo[9]; /* will look for 9 keys */
|
|
|
ab1581 |
u8 modulus_buf[ 1 + 1024 / 8]; /* tag+modulus */
|
|
|
ab1581 |
u8 *cp;
|
|
|
ab1581 |
char buf[256];
|
|
|
ab1581 |
@@ -255,9 +255,9 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card)
|
|
|
ab1581 |
|
|
|
ab1581 |
/* There may be more then one key in the directory. */
|
|
|
ab1581 |
/* we need to find them so we can associate them with the */
|
|
|
ab1581 |
- /* the certificate. The files are 0007 to 000f */
|
|
|
ab1581 |
+ /* the certificate. The files are 0007 to 000F */
|
|
|
ab1581 |
|
|
|
ab1581 |
- for (i = 7; i < 16; i++) {
|
|
|
ab1581 |
+ for (i = 0x7; i <= 0xF; i++) {
|
|
|
ab1581 |
path.value[0] = 0x00;
|
|
|
ab1581 |
path.value[1] = i;
|
|
|
ab1581 |
path.len = 2;
|
|
|
ab1581 |
@@ -297,7 +297,7 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card)
|
|
|
ab1581 |
while (j--)
|
|
|
ab1581 |
*cp++ = modulus_buf[j + 1];
|
|
|
ab1581 |
num_keyinfo++;
|
|
|
ab1581 |
- }
|
|
|
ab1581 |
+ }
|
|
|
ab1581 |
|
|
|
ab1581 |
/* Get the gemsafe data with the cert */
|
|
|
ab1581 |
sc_format_path("3F000200004", &path);
|