lib: in ykpiv_transfer_data() handle overflow by exiting

this is detected and printed, but we never exit the function

Thanks to Eric Sesterhenn of x41 D-Sec for reporting this issue to us.
This commit is contained in:
Klas Lindfors
2018-05-22 13:31:20 +02:00
committed by Thordur Bjornsson
parent 5877998f03
commit 01a127a44a
+4
View File
@@ -562,8 +562,12 @@ ykpiv_rc ykpiv_transfer_data(ykpiv_state *state, const unsigned char *templ,
goto Cleanup; goto Cleanup;
} }
if(*out_len + recv_len - 2 > max_out) { if(*out_len + recv_len - 2 > max_out) {
if(state->verbose) {
fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out); fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out);
} }
res = YKPIV_SIZE_ERROR;
goto Cleanup;
}
if(out_data) { if(out_data) {
memcpy(out_data, data, recv_len - 2); memcpy(out_data, data, recv_len - 2);
out_data += recv_len - 2; out_data += recv_len - 2;