Changeset 8346


Timestamp:
02/12/13 02:58:23 (9 years ago)
Author:
gf
Message:

csctapi/protocol_t0: Fix possible use of uninitialized data.

The bug was found by Gorgone.

File:
1 edited

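--- a/trunk/csctapi/protocol_t0.c
+++ b/trunk/csctapi/protocol_t0.c
@@ -270,4 +270,5 @@
     unsigned char buffer[PROTOCOL_T0_MAX_SHORT_COMMAND];
     unsigned char tpdu_rsp[CTA_RES_LEN];
+    memset(tpdu_rsp, 0, sizeof(tpdu_rsp));
     uint16_t tpdu_lr = 0;
     int32_t Le;
@@ -289,5 +290,5 @@
     {
         Le = ((((uint32_t)(command[command_len - 2]) << 8) | command[command_len - 1]) == 0 ? 65536 : (((uint32_t)(command[command_len - 2]) << 8) | command[command_len - 1]));
-        if (tpdu_rsp[tpdu_lr - 2] == 0x61)
+        if (tpdu_lr > 1 && tpdu_rsp[tpdu_lr - 2] == 0x61)
         {
             /* Lm == (Le - APDU_Rsp_RawLen (tpdu_rsp)) == 0 */
@@ -308,5 +309,5 @@
             ret = Protocol_T0_Case3E (reader, buffer, rsp, lr);
         }
-        else if (tpdu_lr > 1 && (tpdu_rsp[tpdu_lr - 2] & 0xF0) == 0x60)
+        else if (tpdu_lr > 1 && (tpdu_rsp[tpdu_lr - 2] & 0xF0) == 0x60)
         {
             /* Map response TPDU onto APDU without change */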
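Review bot: A response shorter than two bytes now skips both guarded branches (new lines 292 and 311) and falls through to whatever follows the `else if`, which lies outside the visible hunk, so it is not clear that a truncated card reply is rejected rather than silently mapped. Because `tpdu_lr` is a `uint16_t` that starts at 0, the old index `tpdu_lr - 2` would evaluate to -2 after promotion to `int` (where `int` is wider than 16 bits), so the original defect looks like a read before the start of `tpdu_rsp` and not only a read of uninitialised bytes. I would test the length once ahead of the `if` chain and fail the exchange there, with a comment such as `/* a response TPDU must carry at least SW1 SW2 */`, instead of repeating `tpdu_lr > 1` in each condition. The `memset` between the declarations could also be written as an initialiser, `unsigned char tpdu_rsp[CTA_RES_LEN] = {0};`. The visible lines do not show `tpdu_lr` being bounded by `CTA_RES_LEN`, which is worth confirming in the code between the hunks.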