lib: in ykpiv_transfer_data() handle overflow by exiting
this is detected and printed, but we never exit the function Thanks to Eric Sesterhenn of x41 D-Sec for reporting this issue to us.
This commit is contained in:
committed by
Thordur Bjornsson
parent
5877998f03
commit
01a127a44a
+5
-1
@@ -562,7 +562,11 @@ ykpiv_rc ykpiv_transfer_data(ykpiv_state *state, const unsigned char *templ,
|
|||||||
goto Cleanup;
|
goto Cleanup;
|
||||||
}
|
}
|
||||||
if(*out_len + recv_len - 2 > max_out) {
|
if(*out_len + recv_len - 2 > max_out) {
|
||||||
fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out);
|
if(state->verbose) {
|
||||||
|
fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out);
|
||||||
|
}
|
||||||
|
res = YKPIV_SIZE_ERROR;
|
||||||
|
goto Cleanup;
|
||||||
}
|
}
|
||||||
if(out_data) {
|
if(out_data) {
|
||||||
memcpy(out_data, data, recv_len - 2);
|
memcpy(out_data, data, recv_len - 2);
|
||||||
|
|||||||
Reference in New Issue
Block a user