3 files changed, 11 insertions, 15 deletions

diff --git a/scd/ChangeLog b/scd/ChangeLog
index 9b2ddf79c..895aae966 100644
--- a/scd/ChangeLog
+++ b/scd/ChangeLog
@@ -1,5 +1,12 @@
+2004-03-23  Werner Koch  <[email protected]>
+
+	* scdaemon.c (main) <gpgconf_list>: Fixed output for pcsc_driver.
+
 2004-03-17  Werner Koch  <[email protected]>
 
+	* tlv.c (parse_ber_header): Do not check for tag overflow - it
+	does not make sense.  Simplified the check for length overflow.
+
 	* scdaemon.c (main) <gpgconf>: Fixed default value quoting.
 
 2004-03-16  Werner Koch  <[email protected]>
diff --git a/scd/scdaemon.c b/scd/scdaemon.c
index 9f1e409e4..955724b3f 100644
--- a/scd/scdaemon.c
+++ b/scd/scdaemon.c
@@ -545,7 +545,7 @@ main (int argc, char **argv )
 
       printf ("reader-port:%lu:\n", GC_OPT_FLAG_NONE );
       printf ("ctapi-driver:%lu:\n", GC_OPT_FLAG_NONE );
-      printf ("pcsc-driver:%lu:\"%s\":\n",
+      printf ("pcsc-driver:%lu:\"%s:\n",
               GC_OPT_FLAG_DEFAULT, DEFAULT_PCSC_DRIVER );
 #ifdef HAVE_LIBUSB
       printf ("disable-ccid:%lu:\n", GC_OPT_FLAG_NONE );
diff --git a/scd/tlv.c b/scd/tlv.c
index dbcd24546..5b9d0d6b9 100644
--- a/scd/tlv.c
+++ b/scd/tlv.c
@@ -157,12 +157,6 @@ parse_ber_header (unsigned char const **buffer, size_t *size,
       tag = 0;
       do
         {
-          /* Simple check against overflow.  We limit our maximim tag
-             value more than needed but that should not be a problem
-             because I have nver encountered such large value.  We
-             assume at least 32 bit integers. */
-          if (tag > (1 << 24))
-            return gpg_error (GPG_ERR_TOO_LARGE);
           tag <<= 7;
           if (!length)
             return gpg_error (GPG_ERR_EOF);
@@ -190,16 +184,11 @@ parse_ber_header (unsigned char const **buffer, size_t *size,
       unsigned long len = 0;
       int count = c & 0x7f;
 
+      if (count > sizeof (len) || count > sizeof (size_t))
+        return gpg_error (GPG_ERR_BAD_BER);
+
       for (; count; count--)
         {
-          /* Simple check against overflow.  We limit our maximim
-             length more than needed but that should not be a problem
-             because I have never encountered such large value and
-             well they are managed in memory and thus we would run
-             into memory problems anyway.  We assume at least 32 bit
-             integers. */
-          if (len > (1 << 24))
-            return gpg_error (GPG_ERR_TOO_LARGE);
           len <<= 8;
           if (!length)
             return gpg_error (GPG_ERR_EOF);