From 5c2db9dedfe9dbb14ffec24751ca23a69cead94e Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Tue, 22 Nov 2016 20:53:57 +0900
Subject: [PATCH] scd: Fix receive buffer size.

* scd/apdu.c (send_le): Fix the size, adding two for status
bytes to Le.

--

This is long standing bug.  So far, Le was not exact value.
Since forthcoming change will introduce exact value of expected length
of response data, this change is needed.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
 scd/apdu.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/scd/apdu.c b/scd/apdu.c
index 54f3b302f..b32fe8014 100644
--- a/scd/apdu.c
+++ b/scd/apdu.c
@@ -3757,8 +3757,9 @@ send_le (int slot, int class, int ins, int p0, int p1,
 
   if (use_extended_length && (le > 256 || le < 0))
     {
-      result_buffer_size = le < 0? 4096 : le;
-      result_buffer = xtrymalloc (result_buffer_size + 10);
+      /* Two more bytes are needed for status bytes.  */
+      result_buffer_size = le < 0? 4096 : (le + 2);
+      result_buffer = xtrymalloc (result_buffer_size);
       if (!result_buffer)
         {
           xfree (apdu_buffer);