pkcs15init: Avoid buffer overrun

Jakuje · frankmorgner · commit 24869e777503 · 2025-12-19T13:31:20.000+01:00
The maximum path length is 16 bytes and if we want to extend the path, we need to make sure its not too long. Thanks oss-fuzz. https://issues.oss-fuzz.com/issues/467161860 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
diff --git a/src/pkcs15init/pkcs15-cflex.c b/src/pkcs15init/pkcs15-cflex.c
@@ -539,6 +539,9 @@ cflex_create_pin_file(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
 
 	/* Build the CHV path */
 	path = *df_path;
+	if (path.len > SC_MAX_PATH_SIZE - 2) {
+		return SC_ERROR_INVALID_ARGUMENTS;
+	}
 	path.value[path.len++] = ref - 1;
 	path.value[path.len++] = 0;
 
