scd: Take care of possible buffer overflow in do_auth.

* scd/app-openpgp.c (do_auth): Check the length in the heuristic. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-06-11 18:01:03 +02:00 · 2025-06-05 10:21:48 +09:00 · 2025-06-05 10:21:48 +09:00 · 27e6622322
commit 27e6622322
parent eb7d5d4d85
1 changed files with 3 additions and 1 deletions
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@ -5641,13 +5641,15 @@ do_auth (app_t app, ctrl_t ctrl, const char *keyidstr,

  if (app->app_local->keyattr[2].key_type == KEY_TYPE_ECC)
    {
+      /* This is a heuristic to strip off the OID of digest.  Fully
+         implemented, it would be use of X macro in do_sign above.  */
      if (indatalen == 51 || indatalen == 67 || indatalen == 83)
        {
          const char *p = (const char *)indata + 19;
          indata = p;
          indatalen -= 19;
        }
-      else
+      else if (indatalen > 15)
        {
          const char *p = (const char *)indata + 15;
          indata = p;