File opensc-0_18_0-CVE-2019-19481.patch of Package opensc.11155

Index: opensc-0.18.0/src/libopensc/card-cac.c
===================================================================
--- opensc-0.18.0.orig/src/libopensc/card-cac.c
+++ opensc-0.18.0/src/libopensc/card-cac.c
@@ -492,7 +492,7 @@ static int cac_cac1_get_certificate(sc_c
 	u8 *out_ptr;
 	size_t size = 0;
 	size_t left = 0;
-	size_t len, next_len;
+	size_t len;
 	sc_apdu_t apdu;
 	int r = SC_SUCCESS;
 
@@ -501,9 +501,8 @@ static int cac_cac1_get_certificate(sc_c
 	size = left = *out_buf ? *out_len : sizeof(buf);
 	out_ptr = *out_buf ? *out_buf : buf;
 	sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, CAC_INS_GET_CERTIFICATE, 0, 0 );
-	next_len = MIN(left, 100);
-	for (; left > 0; left -= len, out_ptr += len) {
-		len = next_len;
+	len = MIN(left, 100);
+	for (; left > 0;) { /* Increments for readability in the end of the function */
 		apdu.resp = out_ptr;
 		apdu.le = len;
 		apdu.resplen = left;
@@ -519,7 +518,11 @@ static int cac_cac1_get_certificate(sc_c
 			left -= len;
 			break;
 		}
-		next_len = MIN(left,apdu.sw2);
+		/* Adjust the lengths */
+		left -= len;
+		out_ptr += len;
+		len = MIN(left, apdu.sw2);
+
 	}
 	if (r < 0) {
 		return r;
@@ -582,7 +585,7 @@ static int cac_read_binary(sc_card_t *ca
 	u8 *tl = NULL, *val = NULL;
 	u8 *tl_ptr, *val_ptr, *tlv_ptr, *tl_start;
 	u8 *cert_ptr;
-	size_t tl_len, val_len, tlv_len;
+	size_t tl_len, val_len = 0, tlv_len;
 	size_t len, tl_head_len, cert_len;
 	u8 cert_type, tag;