1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-21 14:47:03 +01:00

scd: Fix memory leak in ccid-driver.

* scd/ccid-driver.c (ccid_dev_scan): Use loop var and not the count.
--

Due to an assignment out of bounds this might lead to a crash if there
are more than 15 readers.  In any case it fixes a memory leak.
Kudos to the friendly auditor who found that bug.

Fixes-commit: 8a41e73c31adb86d4a7dca4da695e5ad1347811f
This commit is contained in:
Werner Koch 2022-04-14 10:04:56 +02:00
parent 61038be813
commit 8ac92f0e80
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B

View File

@ -1428,15 +1428,15 @@ ccid_dev_scan (int *idx_max_p, void **t_p)
{ {
for (i = 0; i < idx; i++) for (i = 0; i < idx; i++)
{ {
free (ccid_dev_table[idx].ifcdesc_extra); free (ccid_dev_table[i].ifcdesc_extra);
ccid_dev_table[idx].n = 0; ccid_dev_table[i].n = 0;
ccid_dev_table[idx].interface_number = 0; ccid_dev_table[i].interface_number = 0;
ccid_dev_table[idx].setting_number = 0; ccid_dev_table[i].setting_number = 0;
ccid_dev_table[idx].ifcdesc_extra = NULL; ccid_dev_table[i].ifcdesc_extra = NULL;
ccid_dev_table[idx].ifcdesc_extra_len = 0; ccid_dev_table[i].ifcdesc_extra_len = 0;
ccid_dev_table[idx].ep_bulk_out = 0; ccid_dev_table[i].ep_bulk_out = 0;
ccid_dev_table[idx].ep_bulk_in = 0; ccid_dev_table[i].ep_bulk_in = 0;
ccid_dev_table[idx].ep_intr = 0; ccid_dev_table[i].ep_intr = 0;
} }
libusb_free_device_list (ccid_usb_dev_list, 1); libusb_free_device_list (ccid_usb_dev_list, 1);
ccid_usb_dev_list = NULL; ccid_usb_dev_list = NULL;