fixed possible NULL dereference
This commit is contained in:
parent
10101984da
commit
3ca6c4b04a
|
@ -1609,44 +1609,56 @@ static int asn1_encode_entry(sc_context_t *ctx, const struct sc_asn1_entry *entr
|
||||||
break;
|
break;
|
||||||
case SC_ASN1_BIT_STRING_NI:
|
case SC_ASN1_BIT_STRING_NI:
|
||||||
case SC_ASN1_BIT_STRING:
|
case SC_ASN1_BIT_STRING:
|
||||||
assert(len != NULL);
|
if (len != NULL) {
|
||||||
if (entry->type == SC_ASN1_BIT_STRING)
|
if (entry->type == SC_ASN1_BIT_STRING)
|
||||||
r = encode_bit_string((const u8 *) parm, *len, &buf, &buflen, 1);
|
r = encode_bit_string((const u8 *) parm, *len, &buf, &buflen, 1);
|
||||||
else
|
else
|
||||||
r = encode_bit_string((const u8 *) parm, *len, &buf, &buflen, 0);
|
r = encode_bit_string((const u8 *) parm, *len, &buf, &buflen, 0);
|
||||||
|
} else {
|
||||||
|
r = SC_ERROR_INVALID_ARGUMENTS;
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
case SC_ASN1_BIT_FIELD:
|
case SC_ASN1_BIT_FIELD:
|
||||||
assert(len != NULL);
|
if (len != NULL) {
|
||||||
r = encode_bit_field((const u8 *) parm, *len, &buf, &buflen);
|
r = encode_bit_field((const u8 *) parm, *len, &buf, &buflen);
|
||||||
|
} else {
|
||||||
|
r = SC_ERROR_INVALID_ARGUMENTS;
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
case SC_ASN1_PRINTABLESTRING:
|
case SC_ASN1_PRINTABLESTRING:
|
||||||
case SC_ASN1_OCTET_STRING:
|
case SC_ASN1_OCTET_STRING:
|
||||||
case SC_ASN1_UTF8STRING:
|
case SC_ASN1_UTF8STRING:
|
||||||
assert(len != NULL);
|
if (len != NULL) {
|
||||||
buf = malloc(*len + 1);
|
buf = malloc(*len + 1);
|
||||||
if (buf == NULL) {
|
if (buf == NULL) {
|
||||||
r = SC_ERROR_OUT_OF_MEMORY;
|
r = SC_ERROR_OUT_OF_MEMORY;
|
||||||
break;
|
break;
|
||||||
|
}
|
||||||
|
buflen = 0;
|
||||||
|
/* If the integer is supposed to be unsigned, insert
|
||||||
|
* a padding byte if the MSB is one */
|
||||||
|
if ((entry->flags & SC_ASN1_UNSIGNED)
|
||||||
|
&& (((u8 *) parm)[0] & 0x80)) {
|
||||||
|
buf[buflen++] = 0x00;
|
||||||
|
}
|
||||||
|
memcpy(buf + buflen, parm, *len);
|
||||||
|
buflen += *len;
|
||||||
|
} else {
|
||||||
|
r = SC_ERROR_INVALID_ARGUMENTS;
|
||||||
}
|
}
|
||||||
buflen = 0;
|
|
||||||
/* If the integer is supposed to be unsigned, insert
|
|
||||||
* a padding byte if the MSB is one */
|
|
||||||
if ((entry->flags & SC_ASN1_UNSIGNED)
|
|
||||||
&& (((u8 *) parm)[0] & 0x80)) {
|
|
||||||
buf[buflen++] = 0x00;
|
|
||||||
}
|
|
||||||
memcpy(buf + buflen, parm, *len);
|
|
||||||
buflen += *len;
|
|
||||||
break;
|
break;
|
||||||
case SC_ASN1_GENERALIZEDTIME:
|
case SC_ASN1_GENERALIZEDTIME:
|
||||||
assert(len != NULL);
|
if (len != NULL) {
|
||||||
buf = malloc(*len);
|
buf = malloc(*len);
|
||||||
if (buf == NULL) {
|
if (buf == NULL) {
|
||||||
r = SC_ERROR_OUT_OF_MEMORY;
|
r = SC_ERROR_OUT_OF_MEMORY;
|
||||||
break;
|
break;
|
||||||
|
}
|
||||||
|
memcpy(buf, parm, *len);
|
||||||
|
buflen = *len;
|
||||||
|
} else {
|
||||||
|
r = SC_ERROR_INVALID_ARGUMENTS;
|
||||||
}
|
}
|
||||||
memcpy(buf, parm, *len);
|
|
||||||
buflen = *len;
|
|
||||||
break;
|
break;
|
||||||
case SC_ASN1_OBJECT:
|
case SC_ASN1_OBJECT:
|
||||||
r = sc_asn1_encode_object_id(&buf, &buflen, (struct sc_object_id *) parm);
|
r = sc_asn1_encode_object_id(&buf, &buflen, (struct sc_object_id *) parm);
|
||||||
|
|
|
@ -449,13 +449,13 @@ int sc_pkcs15_verify_pin_with_session_pin(struct sc_pkcs15_card *p15card,
|
||||||
sc_log(ctx, "PIN cmd result %i", r);
|
sc_log(ctx, "PIN cmd result %i", r);
|
||||||
if (r == SC_SUCCESS) {
|
if (r == SC_SUCCESS) {
|
||||||
sc_pkcs15_pincache_add(p15card, pin_obj, pincode, pinlen);
|
sc_pkcs15_pincache_add(p15card, pin_obj, pincode, pinlen);
|
||||||
if (data.cmd == SC_PIN_CMD_GET_SESSION_PIN) {
|
if (data.cmd == SC_PIN_CMD_GET_SESSION_PIN && sessionpinlen) {
|
||||||
*sessionpinlen = data.pin2.len;
|
*sessionpinlen = data.pin2.len;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
sc_notify_id(card->ctx, &card->reader->atr, p15card,
|
sc_notify_id(card->ctx, &card->reader->atr, p15card,
|
||||||
NOTIFY_PIN_BAD);
|
NOTIFY_PIN_BAD);
|
||||||
if (data.cmd == SC_PIN_CMD_GET_SESSION_PIN) {
|
if (data.cmd == SC_PIN_CMD_GET_SESSION_PIN && sessionpinlen) {
|
||||||
*sessionpinlen = 0;
|
*sessionpinlen = 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -3880,6 +3880,10 @@ sc_pkcs15init_create_file(struct sc_profile *profile, struct sc_pkcs15_card *p15
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
LOG_FUNC_CALLED(ctx);
|
LOG_FUNC_CALLED(ctx);
|
||||||
|
if (!file) {
|
||||||
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
|
}
|
||||||
|
|
||||||
sc_log(ctx, "create file '%s'", sc_print_path(&file->path));
|
sc_log(ctx, "create file '%s'", sc_print_path(&file->path));
|
||||||
/* Select parent DF and verify PINs/key as necessary */
|
/* Select parent DF and verify PINs/key as necessary */
|
||||||
r = do_select_parent(profile, p15card, file, &parent);
|
r = do_select_parent(profile, p15card, file, &parent);
|
||||||
|
|
Loading…
Reference in New Issue