opencdk: read_attribute: account buffer size
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 23 Feb 2017 10:10:04 +0000 (11:10 +0100)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 23 Feb 2017 15:44:20 +0000 (16:44 +0100)
That ensures that there is no read past the end of buffer.

Resolves the oss-fuzz found bug:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391

Relates: #159

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
lib/opencdk/read-packet.c

index f5b180b072cf924d3fb87d7065588265c3494bb4..d2c420c1381f38ec22221a0bfd77907f1c428959 100644 (file)
@@ -514,7 +514,7 @@ read_attribute(cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t attr,
                pktlen--;
        }
 
-       if (!len || *p != 1) {          /* Currently only 1, meaning an image, is defined. */
+       if (!len || pktlen == 0 || *p != 1) {   /* Currently only 1, meaning an image, is defined. */
                rc = CDK_Inv_Packet;
                goto error;
        }
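Review bot: The added `pktlen == 0` test only catches the case where the remaining count lands exactly on zero. `pktlen` is a `size_t` (per the signature in the hunk header), so a decrement that overshoots would wrap to a very large value and `*p` would still be read. The decrements above the visible `pktlen--` are outside this hunk, so this may already be handled, but each of them should be preceded by a check that enough bytes remain in the buffer. The trailing comment also explains only the `*p != 1` part; a second comment such as `/* pktlen == 0: no byte left for the type, so *p must not be read */` would record why the new test has to come before the dereference. read_attribute starts and ends outside the hunk.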