From 01a127a44a2229ea14195208e444ec526eaf45f4 Mon Sep 17 00:00:00 2001 From: Klas Lindfors Date: Tue, 22 May 2018 13:31:20 +0200 Subject: [PATCH] lib: in ykpiv_transfer_data() handle overflow by exiting this is detected and printed, but we never exit the function Thanks to Eric Sesterhenn of x41 D-Sec for reporting this issue to us. --- lib/ykpiv.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/ykpiv.c b/lib/ykpiv.c index 661ddba..4e65128 100644 --- a/lib/ykpiv.c +++ b/lib/ykpiv.c @@ -562,7 +562,11 @@ ykpiv_rc ykpiv_transfer_data(ykpiv_state *state, const unsigned char *templ, goto Cleanup; } if(*out_len + recv_len - 2 > max_out) { - fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out); + if(state->verbose) { + fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out); + } + res = YKPIV_SIZE_ERROR; + goto Cleanup; } if(out_data) { memcpy(out_data, data, recv_len - 2);