On Friday 20 July 2007 12:52:40 Gürer Özen wrote:
> On Thursday 19 July 2007 01:10:33 Gürer Özen wrote:
> > asn1_decode_entry() allocates (objlen - 1) bytes for SC_ASN1_UTF8STRING
> > types with the SC_ASN1_ALLOC flag, then calls the sc_asn1_decode_utf8string()
> > function, which then fails with BUFFER TOO SMALL because it wants to end the
> > string with an extra NULL.
> >
> > I guess the allocation size was supposed to be objlen + 1?
>
> Yep, it seems so; the attached patch fixes this problem.
But it introduces another problem: the string length is reported one byte bigger, so here is the more correct fix :)
--- src/libopensc/asn1-old.c 2007-07-20 12:49:12.000000000 +0300 +++ src/libopensc/asn1.c 2007-07-20 12:59:20.000000000 +0300 @@ -1054,15 +1054,18 @@ assert(len != NULL); if (entry->flags & SC_ASN1_ALLOC) { u8 **buf = (u8 **) parm; - *buf = (u8 *) malloc(objlen-1); + *buf = (u8 *) malloc(objlen+1); if (*buf == NULL) { r = SC_ERROR_OUT_OF_MEMORY; break; } - *len = objlen-1; + *len = objlen+1; parm = *buf; } r = sc_asn1_decode_utf8string(obj, objlen, (u8 *) parm, len); + if (entry->flags & SC_ASN1_ALLOC) { + *len -= 1; + } } break; case SC_ASN1_PATH:
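Review bot: the `*len -= 1` added after the `sc_asn1_decode_utf8string(obj, objlen, (u8 *) parm, len)` call runs unconditionally whenever SC_ASN1_ALLOC is set, including when `r` came back as an error such as the BUFFER TOO SMALL case this thread started from; guard it with `if (r == 0 && (entry->flags & SC_ASN1_ALLOC))` so a failed decode does not return an adjusted length for a buffer that holds no valid string, and if the code after the `switch` does not already do so, release the `*buf` allocated in this hunk on that failure path. The correction is also applied only to the ALLOC branch: a caller that passes its own buffer still receives the length including the terminating NUL, so the two paths now report different lengths for the same string; either apply the same adjustment to both or add a comment at the call site stating which convention each path follows. Minor: the header pairs `--- src/libopensc/asn1-old.c` with `+++ src/libopensc/asn1.c`; regenerate the diff against the tracked asn1.c so both paths match.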
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
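The sizing and length-reporting problem discussed in this thread, as an added, self-contained example that is not OpenSC code. It models the decoder contract the messages describe (the decoder NUL-terminates its output, so it needs objlen + 1 bytes, and reports the length including the terminator) with a stand-in function, then shows a caller modelled on the pre-patch allocation of objlen - 1 beside a caller that allocates objlen + 1, adjusts the reported length only after a successful decode, and rejects an objlen that would wrap on + 1. The function names, error codes and the five-byte sample input are constructed for the example and are not OpenSC's own definitions.

```c
/* Added example, not OpenSC code: stand-in names and error codes throughout. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define EX_OK               0
#define EX_BUFFER_TOO_SMALL (-1)
#define EX_OUT_OF_MEMORY    (-2)
#define EX_INVALID_ARG      (-3)

/* Stand-in for a NUL-terminating string decoder: copies objlen bytes into out,
 * appends '\0', and requires *outlen >= objlen + 1 on entry. On success *outlen
 * is set to the bytes written INCLUDING the terminator (the "one byte bigger"
 * length mentioned in the thread). */
static int decode_utf8string(const uint8_t *obj, size_t objlen,
                             uint8_t *out, size_t *outlen)
{
    if (objlen == SIZE_MAX)              /* objlen + 1 would wrap to 0 */
        return EX_INVALID_ARG;
    if (*outlen < objlen + 1)
        return EX_BUFFER_TOO_SMALL;
    memcpy(out, obj, objlen);
    out[objlen] = '\0';
    *outlen = objlen + 1;
    return EX_OK;
}

/* Caller modelled on the pre-patch allocation: objlen - 1 bytes can never
 * hold objlen bytes plus a terminator, so the decoder always rejects it
 * (and objlen == 0 wraps to a SIZE_MAX allocation). */
static int decode_alloc_buggy(const uint8_t *obj, size_t objlen,
                              uint8_t **buf, size_t *len)
{
    *buf = malloc(objlen - 1);
    if (*buf == NULL)
        return EX_OUT_OF_MEMORY;
    *len = objlen - 1;
    int r = decode_utf8string(obj, objlen, *buf, len);
    if (r != EX_OK) { free(*buf); *buf = NULL; *len = 0; }
    return r;
}

/* Corrected caller: room for objlen bytes plus the terminator, the reported
 * length brought back to the string length (terminator excluded) only after
 * a successful decode, and the buffer released on any failure. */
static int decode_alloc_fixed(const uint8_t *obj, size_t objlen,
                              uint8_t **buf, size_t *len)
{
    if (objlen == SIZE_MAX)
        return EX_INVALID_ARG;
    *buf = malloc(objlen + 1);
    if (*buf == NULL)
        return EX_OUT_OF_MEMORY;
    *len = objlen + 1;
    int r = decode_utf8string(obj, objlen, *buf, len);
    if (r != EX_OK) { free(*buf); *buf = NULL; *len = 0; return r; }
    *len -= 1;                            /* strlen-style; (*buf)[*len] == '\0' */
    return EX_OK;
}

/* Constructed sample input (five bytes, no terminator in the encoding). */
static const uint8_t SAMPLE[] = { 'h', 'e', 'l', 'l', 'o' };

/* Result code of the buggy caller on the sample. */
static int buggy_result(void)
{
    uint8_t *buf = NULL; size_t len = 0;
    int r = decode_alloc_buggy(SAMPLE, sizeof SAMPLE, &buf, &len);
    free(buf);
    return r;
}

/* Reported length from the fixed caller, or a negative code if the decode
 * failed or the buffer is not the expected NUL-terminated "hello". */
static long fixed_length(void)
{
    uint8_t *buf = NULL; size_t len = 0;
    int r = decode_alloc_fixed(SAMPLE, sizeof SAMPLE, &buf, &len);
    if (r != EX_OK)
        return -1;
    long out = (buf[len] == '\0' && strcmp((const char *)buf, "hello") == 0)
               ? (long)len : -2;
    free(buf);
    return out;
}

/* The wrap edge case: the fixed caller refuses objlen == SIZE_MAX up front. */
static int fixed_sizemax(void)
{
    uint8_t *buf = NULL; size_t len = 0;
    return decode_alloc_fixed(SAMPLE, SIZE_MAX, &buf, &len);
}

int main(void)
{
    printf("buggy caller: %d (expect %d)\n", buggy_result(), EX_BUFFER_TOO_SMALL);
    printf("fixed caller: length %ld (expect 5)\n", fixed_length());
    printf("fixed caller, objlen == SIZE_MAX: %d (expect %d)\n",
           fixed_sizemax(), EX_INVALID_ARG);
    return 0;
}
```

The order of operations in decode_alloc_fixed is the point: the length is only corrected once the decoder has confirmed it wrote the string, so an error never leaves the caller holding a plausible-looking length for an empty or freed buffer.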