On Friday 20 July 2007 12:52:40 Gürer Özen wrote:
> On Thursday 19 July 2007 01:10:33 Gürer Özen wrote:
> > asn1_decode_entry() allocates (objlen - 1) bytes for SC_ASN1_UTF8STRING
> > types with SC_ASN1_ALLOC flag, then calls the sc_asn1_decode_utf8string()
> > function, which then fails with BUFFER TOO SMALL because it wants to end the
> > string with an extra NULL.
> >
> > I guess the allocation size was supposed to be objlen + 1?
>
> Yep, it seems so; the attached patch fixes this problem.

But it introduces another problem: the string length is reported one byte bigger, so
here is the more correct fix :)
--- src/libopensc/asn1-old.c	2007-07-20 12:49:12.000000000 +0300
+++ src/libopensc/asn1.c	2007-07-20 12:59:20.000000000 +0300
@@ -1054,15 +1054,18 @@
 			assert(len != NULL);
 			if (entry->flags & SC_ASN1_ALLOC) {
 				u8 **buf = (u8 **) parm;
-				*buf = (u8 *) malloc(objlen-1);
+				*buf = (u8 *) malloc(objlen+1);
 				if (*buf == NULL) {
 					r = SC_ERROR_OUT_OF_MEMORY;
 					break;
 				}
-				*len = objlen-1;
+				*len = objlen+1;
 				parm = *buf;
 			}
 			r = sc_asn1_decode_utf8string(obj, objlen, (u8 *) parm, len);
+			if (entry->flags & SC_ASN1_ALLOC) {
+				*len -= 1;
+			}
 		}
 		break;
 	case SC_ASN1_PATH:
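Review bot: the added `*len -= 1;` after the `sc_asn1_decode_utf8string()` call runs even when the decode failed, and the hunk now tests `entry->flags & SC_ASN1_ALLOC` twice. Guard the adjustment on the decode having succeeded (leave `*len` alone when `r` is an error), and consider folding the correction into the existing ALLOC branch so the flag is checked once. Note also that only the ALLOC path subtracts one; the caller-supplied-buffer path leaves `*len` exactly as the decoder set it, so the two paths report lengths that differ by one for the same string, which is worth either a comment or a single rule applied to both.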
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
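An added example, not OpenSC's code, that models the allocate-then-decode pattern discussed in the thread: the decoder NUL-terminates, so the destination needs objlen + 1 bytes, an undersized buffer is rejected rather than overflowed, and the allocating wrapper reports the length without the terminator. The `demo_*` names and error codes are constructed for this example and are not OpenSC's.

```c
/* Added example (not OpenSC's own code): a minimal model of the
 * allocate-then-decode pattern from the thread. Names and error codes
 * are constructed for this example. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEMO_OK               0
#define DEMO_BUFFER_TOO_SMALL 1
#define DEMO_OUT_OF_MEMORY    2

/* Copies objlen bytes of UTF-8 into out and NUL-terminates it.
 * On entry *outlen is the capacity of out; on success it becomes the
 * number of string bytes written, excluding the terminator. */
static int demo_decode_utf8string(const unsigned char *in, size_t objlen,
                                  unsigned char *out, size_t *outlen)
{
    if (*outlen < objlen + 1)       /* room for the terminator is required */
        return DEMO_BUFFER_TOO_SMALL;
    memcpy(out, in, objlen);
    out[objlen] = '\0';
    *outlen = objlen;
    return DEMO_OK;
}

/* Allocating wrapper: sizes the buffer for the terminator, decodes, and
 * hands back a length that excludes the terminator. Frees on failure. */
static int demo_decode_utf8string_alloc(const unsigned char *in, size_t objlen,
                                        unsigned char **out, size_t *outlen)
{
    size_t cap = objlen + 1;        /* the fix: objlen + 1, not objlen - 1 */
    unsigned char *buf = malloc(cap);
    if (buf == NULL)
        return DEMO_OUT_OF_MEMORY;
    int r = demo_decode_utf8string(in, objlen, buf, &cap);
    if (r != DEMO_OK) {
        free(buf);                  /* do not leak the buffer on error */
        *out = NULL;
        return r;
    }
    *out = buf;
    *outlen = cap;                  /* decoder reported length without NUL */
    return DEMO_OK;
}

/* Reproduces the original bug: a buffer of objlen - 1 bytes is
 * rejected by the decoder with BUFFER TOO SMALL. */
static int demo_undersized_buffer_is_rejected(void)
{
    const unsigned char in[] = "label";   /* constructed sample content */
    size_t objlen = 5;
    unsigned char small[4];
    size_t cap = objlen - 1;
    return demo_decode_utf8string(in, objlen, small, &cap);
}

/* Round-trips a constructed sample through the allocating wrapper and
 * returns the reported length, or -1 if anything went wrong. */
static long demo_alloc_roundtrip_len(void)
{
    const unsigned char in[] = "label";   /* constructed sample content */
    unsigned char *s = NULL;
    size_t n = 0;
    if (demo_decode_utf8string_alloc(in, 5, &s, &n) != DEMO_OK)
        return -1;
    long result = (strcmp((const char *)s, "label") == 0) ? (long)n : -1;
    free(s);
    return result;
}

int main(void)
{
    printf("undersized buffer -> %d (expect %d)\n",
           demo_undersized_buffer_is_rejected(), DEMO_BUFFER_TOO_SMALL);
    printf("alloc round trip length -> %ld (expect 5)\n",
           demo_alloc_roundtrip_len());
    return 0;
}
```

The wrapper keeps the length contract in one place: the decoder alone decides what `*outlen` means on success, so callers of the allocating and non-allocating paths see the same value for the same string.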