commit ed55fcd2996930bf58b9bb57e9ba7b1f3a753c43 Author: Frank Morgner Date: Mon May 18 17:25:32 2020 +0200 fixed invalid read fixes https://oss-fuzz.com/testcase-detail/5765246676631552 diff --git a/src/libopensc/pkcs15-gemsafeGPK.c b/src/libopensc/pkcs15-gemsafeGPK.c index e13f3b87..4b80daf2 100644 --- a/src/libopensc/pkcs15-gemsafeGPK.c +++ b/src/libopensc/pkcs15-gemsafeGPK.c @@ -205,7 +205,7 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card) u8 sysrec[7]; int num_keyinfo = 0; - keyinfo kinfo[8]; /* will loook for 8 keys */ + keyinfo kinfo[9]; /* will look for 9 keys */ u8 modulus_buf[ 1 + 1024 / 8]; /* tag+modulus */ u8 *cp; char buf[256]; @@ -255,9 +255,9 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card) /* There may be more then one key in the directory. */ /* we need to find them so we can associate them with the */ - /* the certificate. The files are 0007 to 000f */ + /* the certificate. The files are 0007 to 000F */ - for (i = 7; i < 16; i++) { + for (i = 0x7; i <= 0xF; i++) { path.value[0] = 0x00; path.value[1] = i; path.len = 2; @@ -297,7 +297,7 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card) while (j--) *cp++ = modulus_buf[j + 1]; num_keyinfo++; - } + } /* Get the gemsafe data with the cert */ sc_format_path("3F000200004", &path);