author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-02-23 11:10:04 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-02-23 16:44:20 +0100 |
commit | e2b02861caea3cb9a173e6993640b4e7112bdb44 (patch) | |
tree | ff06bbf1d036bf1feb8b3fe552ca04835d1b5743 | |
parent | 7860d2791841228bcc655813f7b177644ee381d2 (diff) | |
download | gnutls-e2b02861caea3cb9a173e6993640b4e7112bdb44.tar.gz |
opencdk: read_attribute: account buffer size
That ensures that there is no read past the end of buffer.
Resolves the oss-fuzz found bug:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391
Relates: #159
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/opencdk/read-packet.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c index f5b180b072..d2c420c138 100644 --- a/lib/opencdk/read-packet.c +++ b/lib/opencdk/read-packet.c @@ -514,7 +514,7 @@ read_attribute(cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t attr, pktlen--; } - if (!len || *p != 1) { /* Currently only 1, meaning an image, is defined. */ + if (!len || pktlen == 0 || *p != 1) { /* Currently only 1, meaning an image, is defined. */ rc = CDK_Inv_Packet; goto error; } |
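Review bot: the new `pktlen == 0` test in `if (!len || pktlen == 0 || *p != 1)` is the guard that short-circuits before `*p` is dereferenced, yet it shares a line with the trailing comment "Currently only 1, meaning an image, is defined", which describes only the `*p != 1` subtype check. Consider moving the length test into its own `if` ahead of the subtype check, with a one-line comment saying it bounds the read of `*p`, so a later edit to the subtype logic cannot drop or reorder it unnoticed. The diffstat shows only lib/opencdk/read-packet.c changed; adding the oss-fuzz reproducer for issue 391 as a regression test alongside this fix would keep the out-of-bounds read from coming back.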