CCID: fix length checks in PC_to_RDR_{GetSlotStatus,SetParameters}
Change-Id: I5ec32fd5fdf704ee06f21e548a16523a557d4988
diff --git a/ccid/ccid_device.c b/ccid/ccid_device.c
index 346f77d..049b1cf 100644
--- a/ccid/ccid_device.c
+++ b/ccid/ccid_device.c
@@ -678,7 +678,7 @@
switch (ch->bMessageType) {
case PC_to_RDR_GetSlotStatus:
- if (len != sizeof(u->get_slot_status))
+ if (len < sizeof(u->get_slot_status))
goto short_msg;
rc = ccid_handle_get_slot_status(cs, msg);
break;
@@ -708,7 +708,8 @@
rc = ccid_handle_reset_parameters(cs, msg);
break;
case PC_to_RDR_SetParameters:
- if (len != sizeof(u->set_parameters))
+ // smallest union member
+ if (len < (sizeof(u->set_parameters.abProtocolData.t0)+10))
goto short_msg;
rc = ccid_handle_set_parameters(cs, msg);
break;