On Thursday 19 July 2007 01:10:33 Gürer Özen wrote:
> asn1_decode_entry() allocates (objlen - 1) bytes for SC_ASN1_UTF8STRING
> types with SC_ASN1_ALLOC flag, then calls the sc_asn1_decode_utf8string()
> function which then fails with BUFFER TOO SMALL cause it wants to end the
> string with an extra NULL.
>
> I guess, allocation size was supposed to be objlen + 1 ?
Yep it seems so, attached patch fixes this problem.
--- src/libopensc/asn1-old.c 2007-07-20 12:49:12.000000000 +0300
+++ src/libopensc/asn1.c 2007-07-20 12:50:01.000000000 +0300
@@ -1054,12 +1054,12 @@
assert(len != NULL);
if (entry->flags & SC_ASN1_ALLOC) {
u8 **buf = (u8 **) parm;
- *buf = (u8 *) malloc(objlen-1);
+ *buf = (u8 *) malloc(objlen+1);
if (*buf == NULL) {
r = SC_ERROR_OUT_OF_MEMORY;
break;
}
- *len = objlen-1;
+ *len = objlen+1;
parm = *buf;
}
r = sc_asn1_decode_utf8string(obj, objlen, (u8 *) parm, len);
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
