lib: in ykpiv_transfer_data() handle overflow by exiting
this is detected and printed, but we never exit the function Thanks to Eric Sesterhenn of x41 D-Sec for reporting this issue to us.
This commit is contained in:
committed by
Thordur Bjornsson
parent
5877998f03
commit
01a127a44a
@@ -562,8 +562,12 @@ ykpiv_rc ykpiv_transfer_data(ykpiv_state *state, const unsigned char *templ,
|
||||
goto Cleanup;
|
||||
}
|
||||
if(*out_len + recv_len - 2 > max_out) {
|
||||
if(state->verbose) {
|
||||
fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out);
|
||||
}
|
||||
res = YKPIV_SIZE_ERROR;
|
||||
goto Cleanup;
|
||||
}
|
||||
if(out_data) {
|
||||
memcpy(out_data, data, recv_len - 2);
|
||||
out_data += recv_len - 2;
|
||||
|
||||
Reference in New Issue
Block a user