X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=multipass.rs;fp=multipass.rs;h=d3187aa283b07c407df9373f93878fda8b94f235;hb=01cde802e8fa5f43ee260fd87973753ef95ce249;hp=958d18955d3aacaca3279f8481097420587db52e;hpb=d247b11a05b2671e087c011b84499b3493f731a0;p=linux-dallas-multipass

diff --git a/multipass.rs b/multipass.rs
index 958d189..d3187aa 100644
--- a/multipass.rs
+++ b/multipass.rs
@@ -251,7 +251,7 @@ fn get_readers() -> Result<hyper::Body, Box<dyn std::error::Error>>
 }
 
 fn transmit_apdu(card: &Card, mut apdu: &[u8]) -> Result<String, Box<dyn std::error::Error>> {
-        if apdu[0] == 0xff && apdu[1] == 0xff && apdu[2] == 0x01 && apdu[3] == 0x04 {
+        if apdu.len() >= 11 && apdu[0] == 0xff && apdu[1] == 0xff && apdu[2] == 0x01 && apdu[3] == 0x04 {
             // APDUs with PIN codes are obfuscated (see /getref/ above)
             // with a special extension header used only in scproxy. The format seems to be:
             //
@@ -305,7 +305,7 @@ fn apdureq(reader_name: &str, req: String) -> Result<hyper::Body, Box<dyn std::e
         let apdus = get_apducommands(req.clone())?;
 	let mut any_sensitive = false;
 	for apdu in &apdus {
-		if apdu[0] == 0xff && apdu[1] == 0xff {
+		if apdu.len() >= 2 && apdu[0] == 0xff && apdu[1] == 0xff {
 			any_sensitive = true;
 		}
 	}