commit 953986f65db61871bbbff72788d861d67d5140c6
Author: Frank Morgner <frankmorgner@gmail.com>
Date:   Thu May 22 00:24:32 2025 +0200

    fixed Stack-buffer-overflow WRITE in GET RESPONSE
    
    The do-while loop in apdu.c requires the output data to be set in any
    case; otherwise non-existent data may be copied to the output data.
    
    fixes https://issues.oss-fuzz.com/issues/416351800
    fixes https://issues.oss-fuzz.com/issues/416295951

Index: opensc-0.24.0/src/libopensc/card-nqApplet.c
===================================================================
--- opensc-0.24.0.orig/src/libopensc/card-nqApplet.c
+++ opensc-0.24.0/src/libopensc/card-nqApplet.c
@@ -190,9 +190,10 @@ static int nqapplet_finish(struct sc_car
 	LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
 }
 
-static int nqapplet_get_response(struct sc_card *card, size_t *cb_resp, u8 *resp)
+static int
+nqapplet_get_response(struct sc_card *card, size_t *cb_resp, u8 *resp)
 {
-	struct sc_apdu apdu;
+	struct sc_apdu apdu = {0};
 	int rv;
 	size_t resplen;
 
@@ -204,12 +205,12 @@ static int nqapplet_get_response(struct
 
 	rv = sc_transmit_apdu(card, &apdu);
 	LOG_TEST_RET(card->ctx, rv, "APDU transmit failed");
-	if (apdu.resplen == 0) {
-		LOG_FUNC_RETURN(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2));
-	}
 
 	*cb_resp = apdu.resplen;
 
+	if (apdu.resplen == 0) {
+		LOG_FUNC_RETURN(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2));
+	}
 	if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00) {
 		rv = SC_SUCCESS;
 	} else if (apdu.sw1 == 0x61) {
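Review bot: The transmit-failure return at `LOG_TEST_RET(card->ctx, rv, "APDU transmit failed")` still leaves `*cb_resp` unwritten, so the length is set "in any case" only on the paths after a successful transmit. If the GET RESPONSE loop in apdu.c (not shown here) reads the length without first checking the return code, it would see its own input value again, which is the stale-length condition this commit removes for the zero-length path. Adding `if (rv < 0) *cb_resp = 0;` directly before that `LOG_TEST_RET` line would cover it, and the same applies to `*count` in the iso7816_get_response hunk. The function body starts and ends outside this hunk, so this is judged from the visible lines only.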
Index: opensc-0.24.0/src/libopensc/iso7816.c
===================================================================
--- opensc-0.24.0.orig/src/libopensc/iso7816.c
+++ opensc-0.24.0/src/libopensc/iso7816.c
@@ -919,11 +919,12 @@ iso7816_get_response(struct sc_card *car
 
 	r = sc_transmit_apdu(card, &apdu);
 	LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
-	if (apdu.resplen == 0)
-		LOG_FUNC_RETURN(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2));
 
 	*count = apdu.resplen;
 
+	if (apdu.resplen == 0) {
+		LOG_FUNC_RETURN(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2));
+	}
 	if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00)
 		r = 0;					/* no more data to read */
 	else if (apdu.sw1 == 0x61)
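Review bot: Nothing at `*count = apdu.resplen;` records that its position ahead of the zero-length return is what the fix depends on, and the previous order reads just as naturally, so a later cleanup could move it back. A one-line comment above the assignment would pin it, for example `/* set the length before any return below: the caller copies that many bytes from its buffer */`. The same comment fits `*cb_resp = apdu.resplen;` in nqapplet_get_response. The caller's behaviour is taken from the commit message, since apdu.c is not part of this patch.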
