commit 6903aebfddc466d966c7b865fae34572bf3ed23e Author: Frank Morgner Date: Thu Jul 30 02:21:17 2020 +0200 Heap-buffer-overflow WRITE fixes https://oss-fuzz.com/testcase-detail/5088104168554496 diff --git a/src/libopensc/pkcs15-oberthur.c b/src/libopensc/pkcs15-oberthur.c index a873aaa0..2fb32b8d 100644 --- a/src/libopensc/pkcs15-oberthur.c +++ b/src/libopensc/pkcs15-oberthur.c @@ -271,11 +271,15 @@ sc_oberthur_read_file(struct sc_pkcs15_card *p15card, const char *in_path, rv = sc_read_binary(card, 0, *out, sz, 0); } else { - int rec; - int offs = 0; - int rec_len = file->record_length; + size_t rec; + size_t offs = 0; + size_t rec_len = file->record_length; for (rec = 1; ; rec++) { + if (rec > file->record_count) { + rv = 0; + break; + } rv = sc_read_record(card, rec, *out + offs + 2, rec_len, SC_RECORD_BY_REC_NR); if (rv == SC_ERROR_RECORD_NOT_FOUND) { rv = 0;