From 5376fa1d7a8f207a075602c81e6e5e993abe2bd3 Mon Sep 17 00:00:00 2001
From: Ludovic Rousseau
Date: Sat, 8 Aug 2020 16:34:21 +0200
Subject: [PATCH 3/6] ReadUSB: fix potential read of uninitialized buffer
Thanks to Maksim Ivanov for the bug report "[Pcsclite-muscle] Insufficient checks in CCID" http://lists.infradead.org/pipermail/pcsclite-muscle/2020-August/001098.html " Hello, The CCID free software driver is missing a few checks and graceful handling of some error cases: 5. Read of uninitialized buffer in ReadUSB() at https://salsa.debian.org/rousseau/CCID/-/blob/4d5cbf703c268b31c734931166c52dcb9920c0fe/src/ccid_usb.c#L912 . (Because of the wrong ">=" size check - it should be a strict ">".) "
---
 src/ccid_usb.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ccid_usb.c b/src/ccid_usb.c
index 48fdc5c..85fce4a 100644
--- a/src/ccid_usb.c
+++ b/src/ccid_usb.c
@@ -908,7 +908,7 @@ read_again:
 DEBUG_XXD(debug_header, buffer, *length);
 #define BSEQ_OFFSET 6
- if ((*length >= BSEQ_OFFSET)
+ if ((*length >= BSEQ_OFFSET +1)
 && (buffer[BSEQ_OFFSET] < *ccid_descriptor->pbSeq -1))
 {
 duplicate_frame++;
-- 
1.8.3.1
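Review bot: The new guard `*length >= BSEQ_OFFSET +1` is correct but reads as an off-by-one constant; since its only purpose is to make `buffer[BSEQ_OFFSET]` a read of bytes that were actually received, `if ((*length > BSEQ_OFFSET)` states the intent directly and matches the wording of the bug report quoted in the commit message. A one-line comment above the condition would keep the next reader from "simplifying" it back to the old form, e.g. `/* buffer[BSEQ_OFFSET] is only valid when more than BSEQ_OFFSET bytes were read */`. This assumes `*length` holds the byte count returned by the transfer rather than the buffer capacity, which the hunk does not show and which should be confirmed against the read call above it. The enclosing ReadUSB body starts and ends outside the hunk.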