commit ed55fcd2996930bf58b9bb57e9ba7b1f3a753c43

Author: Frank Morgner <frankmorgner@gmail.com>

Date:   Mon May 18 17:25:32 2020 +0200

    fixed invalid read

    fixes https://oss-fuzz.com/testcase-detail/5765246676631552

diff --git a/src/libopensc/pkcs15-gemsafeGPK.c b/src/libopensc/pkcs15-gemsafeGPK.c

index e13f3b87..4b80daf2 100644

--- a/src/libopensc/pkcs15-gemsafeGPK.c

+++ b/src/libopensc/pkcs15-gemsafeGPK.c

@@ -205,7 +205,7 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card)

 	u8 sysrec[7];

 	int num_keyinfo = 0;

-	keyinfo kinfo[8]; /* will loook for 8 keys */

+	keyinfo kinfo[9]; /* will look for 9 keys */

 	u8 modulus_buf[ 1 + 1024 / 8]; /* tag+modulus */

 	u8 *cp;

 	char buf[256];

@@ -255,9 +255,9 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card)

 	/* There may be more then one key in the directory. */

 	/* we need to find them so we can associate them with the */

-	/* the certificate.  The files are 0007 to 000f */

+	/* the certificate.  The files are 0007 to 000F */

-	for (i = 7; i < 16; i++) {

+	for (i = 0x7; i <= 0xF; i++) {

 		path.value[0] = 0x00;

 		path.value[1] = i;

 		path.len = 2;	

@@ -297,7 +297,7 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card)

 		while (j--) 

 			*cp++ =  modulus_buf[j + 1];

 		num_keyinfo++;

-	} 

+	}

 	/* Get the gemsafe data with the cert */

 	 sc_format_path("3F000200004", &path);