From 524ebe3fce0877dc019fb504d6c98aab31d751d3 Mon Sep 17 00:00:00 2001
From: Kamran Khan <kamranrkhan@google.com>
Date: Wed, 2 Dec 2020 23:32:25 -0800
Subject: [PATCH] Prevent int overflow by casting before addition

---
 src/ctap/apdu.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
index 80be816..8e53276 100644
--- a/src/ctap/apdu.rs
+++ b/src/ctap/apdu.rs
@@ -151,7 +151,7 @@ impl TryFrom<&[u8]> for APDU {
                     case_type: ApduType::Short(Case::Le1),
                 });
             }
-            if payload.len() == (1 + byte_0) as usize && byte_0 != 0 {
+            if payload.len() == 1 + (byte_0 as usize) && byte_0 != 0 {
                 // Lc is one-byte long and since the size specified by Lc covers the rest of the
                 // payload there's no Le at the end
                 return Ok(APDU {
@@ -162,7 +162,7 @@ impl TryFrom<&[u8]> for APDU {
                     le: 0,
                 });
             }
-            if payload.len() == (1 + byte_0 + 1) as usize && byte_0 != 0 {
+            if payload.len() == 2 + (byte_0 as usize) && byte_0 != 0 {
                 // Lc is one-byte long and since the size specified by Lc covers the rest of the
                 // payload with ONE additional byte that byte must be Le
                 let last_byte: u32 = (*payload.last().unwrap()).into();