[pkg-opensc-commit] [opensc] 31/50: libopensc: sc_hex_to_bin() accepts hex string with length 1

[Eric Dorland]

This is an automated email from the git hooks/post-receive script.

eric pushed a commit to branch master
in repository opensc.

commit ca2c1c56c8651106488a3babee3088acb5358f83
Author: Viktor Tarasov <viktor.tarasov at gmail.com>
Date:   Fri May 6 10:33:35 2016 +0200

    libopensc: sc_hex_to_bin() accepts hex string with length 1
    
    fix issue #751
---
 src/libopensc/pkcs15.c | 10 ++++++++--
 src/libopensc/sc.c     |  9 ++++++---
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/src/libopensc/pkcs15.c b/src/libopensc/pkcs15.c
index c1bf176..f3b671c 100644
--- a/src/libopensc/pkcs15.c
+++ b/src/libopensc/pkcs15.c
@@ -2424,9 +2424,15 @@ sc_pkcs15_compare_id(const struct sc_pkcs15_id *id1, const struct sc_pkcs15_id *
 void
 sc_pkcs15_format_id(const char *str, struct sc_pkcs15_id *id)
 {
-	size_t len = sizeof(id->value);
+	size_t len;
+
+	if (!id)
+		return;
+	len = sizeof(id->value);
 
-	if (sc_hex_to_bin(str, id->value, &len) >= 0)
+	if (sc_hex_to_bin(str, id->value, &len) != SC_SUCCESS)
+		id->len = 0;
+	else
 		id->len = len;
 }
 
diff --git a/src/libopensc/sc.c b/src/libopensc/sc.c
index b378d55..e6e7104 100644
--- a/src/libopensc/sc.c
+++ b/src/libopensc/sc.c
@@ -50,10 +50,11 @@ const char *sc_get_version(void)
 int sc_hex_to_bin(const char *in, u8 *out, size_t *outlen)
 {
 	int err = SC_SUCCESS;
-	size_t left, count = 0;
+	size_t left, count = 0, in_len;
 
 	assert(in != NULL && out != NULL && outlen != NULL);
 	left = *outlen;
+	in_len = strlen(in);
 
 	while (*in != '\0') {
 		int byte = 0, nybbles = 2;
@@ -76,11 +77,13 @@ int sc_hex_to_bin(const char *in, u8 *out, size_t *outlen)
 			}
 			byte |= c;
 		}
-		// Detect premature end of string before byte is complete
-		if (!*in && nybbles >= 0) {
+
+		/* Detect premature end of string before byte is complete */
+		if (in_len > 1 && *in == '\0' && nybbles >= 0) {
 			err = SC_ERROR_INVALID_ARGUMENTS;
 			break;
 		}
+
 		if (*in == ':' || *in == ' ')
 			in++;
 		if (left <= 0) {

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/opensc.git