mirror of git://git.gnupg.org/gnupg.git
scd: Fix memory leak in ccid-driver.
* scd/ccid-driver.c (ccid_dev_scan): Use loop var and not the count.
--
Due to an assignment out of bounds this might lead to a crash if there
are more than 15 readers. In any case it fixes a memory leak.
Kudos to the friendly auditor who found that bug.
Fixes-commit: 8a41e73c31
This commit is contained in:
parent
e99670f944
commit
c4b14be48f
|
@ -1441,15 +1441,15 @@ ccid_dev_scan (int *idx_max_p, void **t_p)
|
|||
{
|
||||
for (i = 0; i < idx; i++)
|
||||
{
|
||||
free (ccid_dev_table[idx].ifcdesc_extra);
|
||||
ccid_dev_table[idx].n = 0;
|
||||
ccid_dev_table[idx].interface_number = 0;
|
||||
ccid_dev_table[idx].setting_number = 0;
|
||||
ccid_dev_table[idx].ifcdesc_extra = NULL;
|
||||
ccid_dev_table[idx].ifcdesc_extra_len = 0;
|
||||
ccid_dev_table[idx].ep_bulk_out = 0;
|
||||
ccid_dev_table[idx].ep_bulk_in = 0;
|
||||
ccid_dev_table[idx].ep_intr = 0;
|
||||
free (ccid_dev_table[i].ifcdesc_extra);
|
||||
ccid_dev_table[i].n = 0;
|
||||
ccid_dev_table[i].interface_number = 0;
|
||||
ccid_dev_table[i].setting_number = 0;
|
||||
ccid_dev_table[i].ifcdesc_extra = NULL;
|
||||
ccid_dev_table[i].ifcdesc_extra_len = 0;
|
||||
ccid_dev_table[i].ep_bulk_out = 0;
|
||||
ccid_dev_table[i].ep_bulk_in = 0;
|
||||
ccid_dev_table[i].ep_intr = 0;
|
||||
}
|
||||
libusb_free_device_list (ccid_usb_dev_list, 1);
|
||||
ccid_usb_dev_list = NULL;
|
||||
|
|
Loading…
Reference in New Issue