From f9bad31d6364214b79019419544679d5e08e8d72 Mon Sep 17 00:00:00 2001
From: Heiko Schaefer <heiko@schaefer.name>
Date: Wed, 25 Aug 2021 13:07:25 +0200
Subject: [PATCH] Explicitly limit size of data.

---
 openpgp-card/src/apdu/command.rs | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/openpgp-card/src/apdu/command.rs b/openpgp-card/src/apdu/command.rs
index 255bac5..44c9beb 100644
--- a/openpgp-card/src/apdu/command.rs
+++ b/openpgp-card/src/apdu/command.rs
@@ -17,11 +17,14 @@ pub(crate) struct Command {
     pub p1: u8,
     pub p2: u8,
 
+    // NOTE: data must be smaller than 64 kbyte
     pub data: Vec<u8>,
 }
 
 impl Command {
     pub fn new(cla: u8, ins: u8, p1: u8, p2: u8, data: Vec<u8>) -> Self {
+        assert!(data.len() < 0x10000, "'data' too big, must be <64 kbyte");
+
         Command {
             cla,
             ins,