lib: in ykpiv_transfer_data() handle overflow by exiting

this is detected and printed, but we never exit the function

Thanks to Eric Sesterhenn of x41 D-Sec for reporting this issue to us.
This commit is contained in:
Klas Lindfors
2018-05-22 13:31:20 +02:00
committed by Thordur Bjornsson
parent 5877998f03
commit 01a127a44a
+5 -1
View File
@@ -562,7 +562,11 @@ ykpiv_rc ykpiv_transfer_data(ykpiv_state *state, const unsigned char *templ,
goto Cleanup;
}
if(*out_len + recv_len - 2 > max_out) {
fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out);
if(state->verbose) {
fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out);
}
res = YKPIV_SIZE_ERROR;
goto Cleanup;
}
if(out_data) {
memcpy(out_data, data, recv_len - 2);