From e7d53ceb4540899b98ec3f0c3f5afbcaed376680 Mon Sep 17 00:00:00 2001 From: Klas Lindfors Date: Tue, 8 Dec 2015 14:12:29 +0100 Subject: [PATCH] fix an old overflow bug we need to do 8 - new_len, not 16 - new_len which overflows the indata buffer --- tool/yubico-piv-tool.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tool/yubico-piv-tool.c b/tool/yubico-piv-tool.c index f04b6e0..d2b3383 100644 --- a/tool/yubico-piv-tool.c +++ b/tool/yubico-piv-tool.c @@ -1013,7 +1013,7 @@ static bool change_pin(ykpiv_state *state, enum enum_action action, const char * } memcpy(indata + 8, new_pin, new_len); if(new_len < 8) { - memset(indata + 8 + new_len, 0xff, 16 - new_len); + memset(indata + 8 + new_len, 0xff, 8 - new_len); } if(ykpiv_transfer_data(state, templ, indata, sizeof(indata), data, &recv_len, &sw) != YKPIV_OK) { return false;