giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix missing error handling of memory allocation (#1020) 

* libopensc: handle allocation errors
* handle more faults during memory allocation

fixes several situations that cause segmentation fault
This commit is contained in:
Frank Morgner 2017-04-20 21:08:49 +02:00 committed by GitHub
parent 741add2588
commit 6bfb39454b
37 changed files with 300 additions and 125 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/common/libpkcs11.c
View File

@ -50,6 +50,9 @@ C_LoadModule(const char *mspec, CK_FUNCTION_LIST_PTR_PTR funcs)
sc_pkcs11_module_t *mod;
CK_RV rv, (*c_get_function_list)(CK_FUNCTION_LIST_PTR_PTR);
mod = calloc(1, sizeof(*mod));
if (mod == NULL) {
return NULL;
}
mod->_magic = MAGIC;
if (mspec == NULL) {

130
src/common/simclist.c
View File

@ -229,7 +229,11 @@ static simclist_inline long get_random() {
/* list initialization */
int list_init(list_t *simclist_restrict l) {
if (l == NULL) return -1;
if (l == NULL) {
return -1;
}
memset(l, 0, sizeof *l);
seed_random();
@ -238,6 +242,9 @@ int list_init(list_t *simclist_restrict l) {
/* head/tail sentinels and mid pointer */
l->head_sentinel = (struct list_entry_s *)malloc(sizeof(struct list_entry_s));
l->tail_sentinel = (struct list_entry_s *)malloc(sizeof(struct list_entry_s));
if (l->tail_sentinel == NULL || l->head_sentinel == NULL) {
return -1;
}
l->head_sentinel->next = l->tail_sentinel;
l->tail_sentinel->prev = l->head_sentinel;
l->head_sentinel->prev = l->tail_sentinel->next = l->mid = NULL;
@ -249,14 +256,19 @@ int list_init(list_t *simclist_restrict l) {
l->iter_curentry = NULL;
/* free-list attributes */
l->spareels = (struct list_entry_s **)malloc(SIMCLIST_MAX_SPARE_ELEMS * sizeof(struct list_entry_s *));
l->spareelsnum = 0;
l->spareels = (struct list_entry_s **)malloc(SIMCLIST_MAX_SPARE_ELEMS * sizeof(struct list_entry_s *));
if (l->spareels == NULL) {
return -1;
}
#ifdef SIMCLIST_WITH_THREADS
l->threadcount = 0;
#endif
list_attributes_setdefaults(l);
if (0 != list_attributes_setdefaults(l)) {
return -1;
}
assert(list_repOk(l));
assert(list_attrOk(l));
@ -402,6 +414,8 @@ static simclist_inline struct list_entry_s *list_findpos(const list_t *simclist_
float x;
int i;
if (l->head_sentinel == NULL || l->tail_sentinel == NULL) return NULL;
/* accept 1 slot overflow for fetching head and tail sentinels */
if (posstart < -1 || posstart > (int)l->numels) return NULL;
@ -430,6 +444,9 @@ void *list_extract_at(list_t *simclist_restrict l, unsigned int pos) {
if (l->iter_active || pos >= l->numels) return NULL;
tmp = list_findpos(l, pos);
if (tmp == NULL) {
return NULL;
}
data = tmp->data;
tmp->data = NULL; /* save data from list_drop_elem() free() */
@ -452,14 +469,18 @@ int list_insert_at(list_t *simclist_restrict l, const void *data, unsigned int p
l->spareelsnum--;
} else {
lent = (struct list_entry_s *)malloc(sizeof(struct list_entry_s));
if (lent == NULL)
if (lent == NULL) {
return -1;
}
}
if (l->attrs.copy_data) {
/* make room for user' data (has to be copied) */
size_t datalen = l->attrs.meter(data);
lent->data = (struct list_entry_s *)malloc(datalen);
if (lent->data == NULL) {
return -1;
}
memcpy(lent->data, data, datalen);
} else {
lent->data = (void*)data;
@ -467,6 +488,9 @@ int list_insert_at(list_t *simclist_restrict l, const void *data, unsigned int p
/* actually append element */
prec = list_findpos(l, pos-1);
if (prec == NULL) {
return -1;
}
succ = prec->next;
prec->next = lent;
@ -533,6 +557,9 @@ int list_delete_range(list_t *simclist_restrict l, unsigned int posstart, unsign
if (l->iter_active || posend < posstart || posend >= l->numels) return -1;
tmp = list_findpos(l, posstart); /* first el to be deleted */
if (tmp == NULL) {
return -1;
}
lastvalid = tmp->prev; /* last valid element */
numdel = posend - posstart + 1;
@ -591,34 +618,36 @@ int list_clear(list_t *simclist_restrict l) {
if (l->iter_active) return -1;
if (l->attrs.copy_data) { /* also free user data */
/* spare a loop conditional with two loops: spareing elems and freeing elems */
for (s = l->head_sentinel->next; l->spareelsnum < SIMCLIST_MAX_SPARE_ELEMS && s != l->tail_sentinel; s = s->next) {
/* move elements as spares as long as there is room */
if (s->data != NULL) free(s->data);
l->spareels[l->spareelsnum++] = s;
if (l->head_sentinel && l->tail_sentinel) {
if (l->attrs.copy_data) { /* also free user data */
/* spare a loop conditional with two loops: spareing elems and freeing elems */
for (s = l->head_sentinel->next; l->spareelsnum < SIMCLIST_MAX_SPARE_ELEMS && s != l->tail_sentinel; s = s->next) {
/* move elements as spares as long as there is room */
if (s->data != NULL) free(s->data);
l->spareels[l->spareelsnum++] = s;
}
while (s != l->tail_sentinel) {
/* free the remaining elems */
if (s->data != NULL) free(s->data);
s = s->next;
free(s->prev);
}
l->head_sentinel->next = l->tail_sentinel;
l->tail_sentinel->prev = l->head_sentinel;
} else { /* only free element containers */
/* spare a loop conditional with two loops: spareing elems and freeing elems */
for (s = l->head_sentinel->next; l->spareelsnum < SIMCLIST_MAX_SPARE_ELEMS && s != l->tail_sentinel; s = s->next) {
/* move elements as spares as long as there is room */
l->spareels[l->spareelsnum++] = s;
}
while (s != l->tail_sentinel) {
/* free the remaining elems */
s = s->next;
free(s->prev);
}
l->head_sentinel->next = l->tail_sentinel;
l->tail_sentinel->prev = l->head_sentinel;
}
while (s != l->tail_sentinel) {
/* free the remaining elems */
if (s->data != NULL) free(s->data);
s = s->next;
free(s->prev);
}
l->head_sentinel->next = l->tail_sentinel;
l->tail_sentinel->prev = l->head_sentinel;
} else { /* only free element containers */
/* spare a loop conditional with two loops: spareing elems and freeing elems */
for (s = l->head_sentinel->next; l->spareelsnum < SIMCLIST_MAX_SPARE_ELEMS && s != l->tail_sentinel; s = s->next) {
/* move elements as spares as long as there is room */
l->spareels[l->spareelsnum++] = s;
}
while (s != l->tail_sentinel) {
/* free the remaining elems */
s = s->next;
free(s->prev);
}
l->head_sentinel->next = l->tail_sentinel;
l->tail_sentinel->prev = l->head_sentinel;
}
l->numels = 0;
l->mid = NULL;
@ -640,6 +669,8 @@ int list_locate(const list_t *simclist_restrict l, const void *data) {
struct list_entry_s *el;
int pos = 0;
if (l->head_sentinel == NULL || l->tail_sentinel == NULL) return -1;
if (l->attrs.comparator != NULL) {
/* use comparator */
for (el = l->head_sentinel->next; el != l->tail_sentinel; el = el->next, pos++) {
@ -661,6 +692,8 @@ void *list_seek(list_t *simclist_restrict l, const void *indicator) {
if (l->attrs.seeker == NULL) return NULL;
if (l->head_sentinel == NULL || l->tail_sentinel == NULL) return NULL;
for (iter = l->head_sentinel->next; iter != l->tail_sentinel; iter = iter->next) {
if (l->attrs.seeker(iter->data, indicator) != 0) return iter->data;
}
@ -677,11 +710,15 @@ int list_concat(const list_t *l1, const list_t *l2, list_t *simclist_restrict de
unsigned int cnt;
int err;
if (l1 == NULL || l2 == NULL || dest == NULL || l1 == dest || l2 == dest)
return -1;
list_init(dest);
if (l1->head_sentinel == NULL || l1->tail_sentinel == NULL
|| l2->head_sentinel == NULL || l2->tail_sentinel == NULL) return -1;
if (0 != list_init(dest)) {
return -1;
}
dest->numels = l1->numels + l2->numels;
if (dest->numels == 0)
@ -692,6 +729,9 @@ int list_concat(const list_t *l1, const list_t *l2, list_t *simclist_restrict de
el = dest->head_sentinel;
while (srcel != l1->tail_sentinel) {
el->next = (struct list_entry_s *)malloc(sizeof(struct list_entry_s));
if (el->next == NULL) {
return -1;
}
el->next->prev = el;
el = el->next;
el->data = srcel->data;
@ -702,6 +742,9 @@ int list_concat(const list_t *l1, const list_t *l2, list_t *simclist_restrict de
srcel = l2->head_sentinel->next;
while (srcel != l2->tail_sentinel) {
el->next = (struct list_entry_s *)malloc(sizeof(struct list_entry_s));
if (el->next == NULL) {
return -1;
}
el->next->prev = el;
el = el->next;
el->data = srcel->data;
@ -731,6 +774,9 @@ int list_sort(list_t *simclist_restrict l, int versus) {
if (l->numels <= 1)
return 0;
if (l->head_sentinel == NULL || l->tail_sentinel == NULL) return -1;
list_sort_quicksort(l, versus, 0, l->head_sentinel->next, l->numels-1, l->tail_sentinel->prev);
assert(list_repOk(l));
return 0;
@ -869,6 +915,9 @@ static void list_sort_quicksort(list_t *simclist_restrict l, int versus,
/* prepare wrapped args, then start thread */
if (l->threadcount < SIMCLIST_MAXTHREADS-1) {
struct list_sort_wrappedparams *wp = (struct list_sort_wrappedparams *)malloc(sizeof(struct list_sort_wrappedparams));
if (wp == NULL) {
return -1;
}
l->threadcount++;
traised = 1;
wp->l = l;
@ -899,6 +948,7 @@ static void list_sort_quicksort(list_t *simclist_restrict l, int versus,
int list_iterator_start(list_t *simclist_restrict l) {
if (l->iter_active) return 0;
if (l->head_sentinel == NULL) return -1;
l->iter_pos = 0;
l->iter_active = 1;
l->iter_curentry = l->head_sentinel->next;
@ -1247,6 +1297,9 @@ int list_restore_filedescriptor(list_t *simclist_restrict l, int fd, size_t *sim
if (l->attrs.unserializer != NULL) {
/* use unserializer */
buf = malloc(header.elemlen);
if (buf == NULL) {
return -1;
}
for (cnt = 0; cnt < header.numels; cnt++) {
READ_ERRCHECK(fd, buf, header.elemlen);
list_append(l, l->attrs.unserializer(buf, & elsize));
@ -1256,6 +1309,9 @@ int list_restore_filedescriptor(list_t *simclist_restrict l, int fd, size_t *sim
/* copy verbatim into memory */
for (cnt = 0; cnt < header.numels; cnt++) {
buf = malloc(header.elemlen);
if (buf == NULL) {
return -1;
}
READ_ERRCHECK(fd, buf, header.elemlen);
list_append(l, buf);
}
@ -1269,6 +1325,9 @@ int list_restore_filedescriptor(list_t *simclist_restrict l, int fd, size_t *sim
for (cnt = 0; cnt < header.numels; cnt++) {
READ_ERRCHECK(fd, & elsize, sizeof(elsize));
buf = malloc((size_t)elsize);
if (buf == NULL) {
return -1;
}
READ_ERRCHECK(fd, buf, elsize);
totreadlen += elsize;
list_append(l, l->attrs.unserializer(buf, & elsize));
@ -1279,6 +1338,9 @@ int list_restore_filedescriptor(list_t *simclist_restrict l, int fd, size_t *sim
for (cnt = 0; cnt < header.numels; cnt++) {
READ_ERRCHECK(fd, & elsize, sizeof(elsize));
buf = malloc(elsize);
if (buf == NULL) {
return -1;
}
READ_ERRCHECK(fd, buf, elsize);
totreadlen += elsize;
list_append(l, buf);
@ -1368,7 +1430,7 @@ static int list_drop_elem(list_t *simclist_restrict l, struct list_entry_s *tmp,
if (l->attrs.copy_data && tmp->data != NULL)
free(tmp->data);
if (l->spareelsnum < SIMCLIST_MAX_SPARE_ELEMS) {
if (l->spareels != NULL && l->spareelsnum < SIMCLIST_MAX_SPARE_ELEMS) {
l->spareels[l->spareelsnum++] = tmp;
} else {
free(tmp);

6
src/libopensc/card-cac.c
View File

@ -190,6 +190,8 @@ static cac_private_data_t *cac_new_private_data(void)
{
cac_private_data_t *priv;
priv = calloc(1, sizeof(cac_private_data_t));
if (!priv)
return NULL;
list_init(&priv->pki_list);
list_attributes_comparator(&priv->pki_list, cac_list_compare_path);
list_attributes_copy(&priv->pki_list, cac_list_meter, 1);
@ -1453,6 +1455,8 @@ static int cac_find_and_initialize(sc_card_t *card, int initialize)
return r;
priv = cac_new_private_data();
if (!priv)
return SC_ERROR_OUT_OF_MEMORY;
r = cac_process_CCC(card, priv);
if (r == SC_SUCCESS) {
card->type = SC_CARD_TYPE_CAC_II;
@ -1470,6 +1474,8 @@ static int cac_find_and_initialize(sc_card_t *card, int initialize)
if (!priv) {
priv = cac_new_private_data();
if (!priv)
return SC_ERROR_OUT_OF_MEMORY;
}
r = cac_populate_cac_1(card, index, priv);
if (r == SC_SUCCESS) {

4
src/libopensc/card-coolkey.c
View File

@ -788,6 +788,8 @@ static coolkey_private_data_t *coolkey_new_private_data(void)
coolkey_private_data_t *priv;
/* allocate priv and zero all the fields */
priv = calloc(1, sizeof(coolkey_private_data_t));
if (!priv)
return NULL;
/* set other fields as appropriate */
priv->key_id = COOLKEY_INVALID_KEY;
list_init(&priv->objects_list);
@ -2152,7 +2154,7 @@ static int coolkey_initialize(sc_card_t *card)
priv = coolkey_new_private_data();
if (priv == NULL) {
r= SC_ERROR_OUT_OF_MEMORY;
r = SC_ERROR_OUT_OF_MEMORY;
goto cleanup;
}
r = coolkey_get_life_cycle(card, &life_cycle);

5
src/libopensc/card-dnie.c
View File

@ -422,9 +422,8 @@ static int dnie_get_environment(
/* look for sc block in opensc.conf */
ctx = card->ctx;
for (i = 0; ctx->conf_blocks[i]; i++) {
blocks =
scconf_find_blocks(ctx->conf, ctx->conf_blocks[i],
"card_driver", "dnie");
blocks = scconf_find_blocks(ctx->conf, ctx->conf_blocks[i],
"card_driver", "dnie");
if (!blocks)
continue;
blk = blocks[0];

7
src/libopensc/card-entersafe.c
View File

@ -387,8 +387,13 @@ static int entersafe_transmit_apdu(sc_card_t *card, sc_apdu_t *apdu,
{
mac_data_size=apdu->lc+4;
mac_data=malloc(mac_data_size);
if(!mac_data)
{
r = SC_ERROR_OUT_OF_MEMORY;
goto out;
}
r = entersafe_mac_apdu(card,apdu,key,keylen,mac_data,mac_data_size);
if(r<0)
if(r < 0)
goto out;
}

2
src/libopensc/card-gemsafeV1.c
View File

@ -99,7 +99,7 @@ static int get_conf_aid(sc_card_t *card, u8 *aid, size_t *len)
for (i = 0; ctx->conf_blocks[i] != NULL; i++) {
blocks = scconf_find_blocks(ctx->conf, ctx->conf_blocks[i],
"card", "gemsafeV1");
if (blocks[0] != NULL)
if (blocks != NULL && blocks[0] != NULL)
conf_block = blocks[0];
free(blocks);
}

4
src/libopensc/card-itacns.c
View File

@ -208,6 +208,8 @@ static int itacns_init(sc_card_t *card)
card->cla = 0x00;
card->drv_data = calloc(1, sizeof(itacns_drv_data_t));
if (!card->drv_data)
return SC_ERROR_OUT_OF_MEMORY;
/* Match ATR again to find the card data. */
itacns_match_card(card);
@ -219,7 +221,7 @@ static int itacns_init(sc_card_t *card)
;
_sc_card_add_rsa_alg(card, 1024, flags, 0);
return 0;
return SC_SUCCESS;
}
static int itacns_finish(struct sc_card *card)

4
src/libopensc/card-npa.c
View File

@ -371,6 +371,10 @@ static int npa_init(sc_card_t * card)
EAC_init();
#endif
card->drv_data = npa_drv_data_create();
if (!card->drv_data) {
r = SC_ERROR_OUT_OF_MEMORY;
goto err;
}
r = npa_load_options(card->ctx, card->drv_data);
if (r != SC_SUCCESS)
goto err;

35
src/libopensc/card-oberthur.c
View File

@ -2122,6 +2122,10 @@ auth_read_binary(struct sc_card *card, unsigned int offset,
{
int rv;
char debug_buf[2048];
struct sc_pkcs15_bignum bn[2];
unsigned char *out = NULL;
bn[0].data = NULL;
bn[1].data = NULL;
LOG_FUNC_CALLED(card->ctx);
sc_log(card->ctx,
@ -2136,9 +2140,8 @@ auth_read_binary(struct sc_card *card, unsigned int offset,
if (auth_current_ef->magic==SC_FILE_MAGIC &&
auth_current_ef->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC) {
int jj;
unsigned char resp[256], *out = NULL;
unsigned char resp[256];
size_t resp_len, out_len;
struct sc_pkcs15_bignum bn[2];
struct sc_pkcs15_pubkey_rsa key;
resp_len = sizeof(resp);
@ -2150,14 +2153,22 @@ auth_read_binary(struct sc_card *card, unsigned int offset,
;
bn[0].data = calloc(1, rv - jj);
if (!bn[0].data) {
rv = SC_ERROR_OUT_OF_MEMORY;
goto err;
}
bn[0].len = rv - jj;
memcpy(bn[0].data, resp + jj, rv - jj);
rv = auth_read_component(card, SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC,
1, resp, resp_len);
LOG_TEST_RET(card->ctx, rv, "Cannot read RSA public key component");
LOG_TEST_GOTO_ERR(card->ctx, rv, "Cannot read RSA public key component");
bn[1].data = calloc(1, rv);
if (!bn[1].data) {
rv = SC_ERROR_OUT_OF_MEMORY;
goto err;
}
bn[1].len = rv;
memcpy(bn[1].data, resp, rv);
@ -2165,8 +2176,8 @@ auth_read_binary(struct sc_card *card, unsigned int offset,
key.modulus = bn[1];
if (sc_pkcs15_encode_pubkey_rsa(card->ctx, &key, &out, &out_len)) {
LOG_TEST_RET(card->ctx, SC_ERROR_INVALID_ASN1_OBJECT,
"cannot encode RSA public key");
rv = SC_ERROR_INVALID_ASN1_OBJECT;
LOG_TEST_GOTO_ERR(card->ctx, rv, "cannot encode RSA public key");
}
else {
rv = out_len - offset > count ? count : out_len - offset;
@ -2179,18 +2190,16 @@ auth_read_binary(struct sc_card *card, unsigned int offset,
"write_publickey in %"SC_FORMAT_LEN_SIZE_T"u bytes :\n%s",
count, debug_buf);
}
if (bn[0].data)
free(bn[0].data);
if (bn[1].data)
free(bn[1].data);
if (out)
free(out);
}
else {
else {
rv = iso_ops->read_binary(card, offset, buf, count, 0);
}
err:
free(bn[0].data);
free(bn[1].data);
free(out);
LOG_FUNC_RETURN(card->ctx, rv);
}

3
src/libopensc/card-piv.c
View File

@ -579,9 +579,6 @@ static int piv_general_io(sc_card_t *card, int ins, int p1, int p2,
/* if using internal buffer, alloc new one */
if (rbuf == rbufinitbuf) {
*recvbuf = malloc(rbuflen);
sc_log(card->ctx,
"DEE got buffer %p len %"SC_FORMAT_LEN_SIZE_T"u",
*recvbuf, rbuflen);
if (*recvbuf == NULL) {
r = SC_ERROR_OUT_OF_MEMORY;
goto err;

4
src/libopensc/card.c
View File

@ -1414,12 +1414,12 @@ sc_card_sm_check(struct sc_card *card)
for (ii = 0; ctx->conf_blocks[ii]; ii++) {
scconf_block **blocks;
blocks = scconf_find_blocks(ctx->conf, ctx->conf_blocks[ii], "secure_messaging", sm);
blocks = scconf_find_blocks(ctx->conf, ctx->conf_blocks[ii], "secure_messaging", sm);
if (blocks) {
sm_conf_block = blocks[0];
free(blocks);
}
if (sm_conf_block != NULL)
if (sm_conf_block != NULL)
break;
}

8
src/libopensc/ctx.c
View File

@ -670,12 +670,12 @@ static void process_config_file(sc_context_t *ctx, struct _sc_ctx_options *opts)
return;
}
blocks = scconf_find_blocks(ctx->conf, NULL, "app", ctx->app_name);
if (blocks[0])
if (blocks && blocks[0])
ctx->conf_blocks[count++] = blocks[0];
free(blocks);
if (strcmp(ctx->app_name, "default") != 0) {
blocks = scconf_find_blocks(ctx->conf, NULL, "app", "default");
if (blocks[0])
if (blocks && blocks[0])
ctx->conf_blocks[count] = blocks[0];
free(blocks);
}
@ -775,7 +775,9 @@ int sc_context_create(sc_context_t **ctx_out, const sc_context_param_t *parm)
ctx->flags = parm->flags;
set_defaults(ctx, &opts);
list_init(&ctx->readers);
if (0 != list_init(&ctx->readers)) {
return SC_ERROR_OUT_OF_MEMORY;
}
list_attributes_seeker(&ctx->readers, reader_list_seeker);
/* set thread context and create mutex object (if specified) */
if (parm->thread_ctx != NULL)

5
src/libopensc/pkcs15-actalis.c
View File

@ -225,6 +225,11 @@ static int sc_pkcs15emu_actalis_init(sc_pkcs15_card_t * p15card)
compCert = malloc(compLen * sizeof(unsigned char));
len = 3 * compLen; /*Approximation of the uncompressed size */
cert = malloc(len * sizeof(unsigned char));
if (!cert || !compCert) {
free(cert);
free(compCert);
return SC_ERROR_OUT_OF_MEMORY;
}
sc_read_binary(card, 4, compCert, compLen, 0);

4
src/libopensc/pkcs15-cac.c
View File

@ -373,6 +373,10 @@ static int sc_pkcs15emu_cac_init(sc_pkcs15_card_t *p15card)
cert_out->subject_len, &cn_oid, &cn_name, &cn_len);
if (r == SC_SUCCESS) {
token_name = malloc (cn_len+1);
if (!token_name) {
r = SC_ERROR_OUT_OF_MEMORY;
goto fail;
}
memcpy(token_name, cn_name, cn_len);
free(cn_name);
token_name[cn_len] = 0;

2
src/libopensc/pkcs15-coolkey.c
View File

@ -380,6 +380,8 @@ coolkey_make_public_key(sc_card_t *card, sc_cardctl_coolkey_object_t *obj, CK_KE
int r;
key = calloc(1, sizeof(struct sc_pkcs15_pubkey));
if (!key)
return NULL;
switch (key_type) {
case CKK_RSA:
key->algorithm = SC_ALGORITHM_RSA;

5
src/libopensc/pkcs15-infocamere.c
View File

@ -519,6 +519,11 @@ static int loadCertificate(sc_pkcs15_card_t * p15card, int i,
compCert = malloc(compLen * sizeof(unsigned char));
len = 4 * compLen; /*Approximation of the uncompressed size */
cert = malloc(len * sizeof(unsigned char));
if (!cert || !compCert) {
free(cert);
free(compCert);
return SC_ERROR_OUT_OF_MEMORY;
}
sc_read_binary(card, 4, compCert, compLen, 0);

4
src/libopensc/pkcs15-prkey.c
View File

@ -619,6 +619,8 @@ sc_pkcs15_convert_bignum(sc_pkcs15_bignum_t *dst, const void *src)
return 0;
dst->len = BN_num_bytes(bn);
dst->data = malloc(dst->len);
if (!dst->data)
return 0;
BN_bn2bin(bn, dst->data);
return 1;
#else
@ -722,6 +724,8 @@ sc_pkcs15_convert_prkey(struct sc_pkcs15_prkey *pkcs15_key, void *evp_key)
/* copy the public key */
dst->ecpointQ.value = malloc(buflen);
if (!dst->ecpointQ.value)
return SC_ERROR_OUT_OF_MEMORY;
memcpy(dst->ecpointQ.value, buf, buflen);
dst->ecpointQ.len = buflen;

2
src/libopensc/pkcs15-pubkey.c
View File

@ -1095,6 +1095,8 @@ sc_pkcs15_dup_pubkey(struct sc_context *ctx, struct sc_pkcs15_pubkey *key, struc
rv = sc_asn1_encode_algorithm_id(ctx, &alg, &alglen,key->alg_id, 0);
if (rv == SC_SUCCESS) {
pubkey->alg_id = (struct sc_algorithm_id *)calloc(1, sizeof(struct sc_algorithm_id));
if (pubkey->alg_id == NULL)
LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
rv = sc_asn1_decode_algorithm_id(ctx, alg, alglen, pubkey->alg_id, 0);
free(alg);
}

4
src/libopensc/pkcs15.c
View File

@ -1153,6 +1153,10 @@ sc_pkcs15_bind_internal(struct sc_pkcs15_card *p15card, struct sc_aid *aid)
if (!p15card->tokeninfo->serial_number && card->serialnr.len) {
char *serial = calloc(1, card->serialnr.len*2 + 1);
size_t ii;
if (!serial) {
err = SC_ERROR_OUT_OF_MEMORY;
goto end;
}
for(ii=0;ii<card->serialnr.len;ii++)
sprintf(serial + ii*2, "%02X", *(card->serialnr.value + ii));

11
src/libopensc/reader-ctapi.c
View File

@ -190,7 +190,7 @@ static int ctapi_transmit(sc_reader_t *reader, sc_apdu_t *apdu)
int r;
rsize = rbuflen = apdu->resplen + 2;
rbuf = malloc(rbuflen);
rbuf = malloc(rbuflen);
if (rbuf == NULL) {
r = SC_ERROR_OUT_OF_MEMORY;
goto out;
@ -310,9 +310,14 @@ static struct ctapi_module * add_module(struct ctapi_global_private_data *gpriv,
const char *name, void *dlhandle)
{
int i;
struct ctapi_module *p;
i = gpriv->module_count;
gpriv->modules = (struct ctapi_module *) realloc(gpriv->modules, sizeof(struct ctapi_module) * (i+1));
p = (struct ctapi_module *) realloc(gpriv->modules, sizeof(struct ctapi_module) * (i+1));
if (!p) {
return NULL;
}
gpriv->modules = p;
gpriv->modules[i].name = strdup(name);
gpriv->modules[i].dlhandle = dlhandle;
gpriv->modules[i].ctn_count = 0;
@ -358,6 +363,8 @@ static int ctapi_load_module(sc_context_t *ctx,
goto symerr;
mod = add_module(gpriv, val, dlh);
if (!mod)
goto symerr;
for (; list != NULL; list = list->next) {
int port;
char namebuf[128];

5
src/libopensc/reader-openct.c
View File

@ -115,9 +115,8 @@ openct_add_reader(sc_context_t *ctx, unsigned int num, ct_info_t *info)
int rc;
if (!(reader = calloc(1, sizeof(*reader)))
|| !(data = (calloc(1, sizeof(*data))))) {
if (reader)
free(reader);
|| !(data = (calloc(1, sizeof(*data))))) {
free(reader);
return SC_ERROR_OUT_OF_MEMORY;
}

2
src/minidriver/minidriver.c
View File

@ -5694,6 +5694,8 @@ DWORD WINAPI CardAcquireContext(__inout PCARD_DATA pCardData, __in DWORD dwFlags
/* VENDOR SPECIFIC */
vs = pCardData->pvVendorSpecific = pCardData->pfnCspAlloc(sizeof(VENDOR_SPECIFIC));
if (!vs)
return SCARD_E_NO_MEMORY;
memset(vs, 0, sizeof(VENDOR_SPECIFIC));
logprintf(pCardData, 1, "==================================================================\n");

15
src/pkcs11/framework-pkcs15.c
View File

@ -968,6 +968,9 @@ pkcs15_init_slot(struct sc_pkcs15_card *p15card, struct sc_pkcs11_slot *slot,
slot->token_info.flags |= CKF_RNG;
slot->fw_data = fw_data = calloc(1, sizeof(*fw_data));
if (!fw_data) {
return;
}
fw_data->auth_obj = auth;
if (auth != NULL) {
@ -2136,7 +2139,7 @@ pkcs15_create_secret_key(struct sc_pkcs11_slot *slot, struct sc_profile *profile
if (attr->pValue) {
args.data_value.value = calloc(1,attr->ulValueLen);
if (!args.data_value.value)
return CKR_HOST_MEMORY;
return CKR_HOST_MEMORY;
memcpy(args.data_value.value, attr->pValue, attr->ulValueLen);
args.data_value.len = attr->ulValueLen;
}
@ -2170,8 +2173,8 @@ pkcs15_create_secret_key(struct sc_pkcs11_slot *slot, struct sc_profile *profile
key_obj = calloc(1, sizeof(sc_pkcs15_object_t));
if (key_obj == NULL) {
rv = CKR_HOST_MEMORY;
goto out;
rv = CKR_HOST_MEMORY;
goto out;
}
key_obj->type = SC_PKCS15_TYPE_SKEY;
@ -2181,9 +2184,9 @@ pkcs15_create_secret_key(struct sc_pkcs11_slot *slot, struct sc_profile *profile
key_obj->flags = 2; /* TODO not sure what these mean */
skey_info = calloc(1, sizeof(sc_pkcs15_skey_info_t));
if (skey_info == NULL) {
rv = CKR_HOST_MEMORY;
goto out;
if (skey_info == NULL) {
rv = CKR_HOST_MEMORY;
goto out;
}
key_obj->data = skey_info;
skey_info->usage = args.usage;

20
src/pkcs11/mechanism.c
View File

@ -704,6 +704,10 @@ sc_pkcs11_verify_final(sc_pkcs11_operation_t *operation,
if (rv != CKR_OK)
return rv;
pubkey_value = calloc(1, attr.ulValueLen);
if (!pubkey_value) {
rv = CKR_HOST_MEMORY;
goto done;
}
attr.pValue = pubkey_value;
rv = key->ops->get_attribute(operation->session, key, &attr);
if (rv != CKR_OK)
@ -841,19 +845,19 @@ sc_pkcs11_deri(struct sc_pkcs11_session *session,
ulDataLen = 0;
rv = operation->type->derive(operation, basekey,
pMechanism->pParameter, pMechanism->ulParameterLen,
NULL, &ulDataLen);
pMechanism->pParameter, pMechanism->ulParameterLen,
NULL, &ulDataLen);
if (rv != CKR_OK)
goto out;
goto out;
if (ulDataLen > 0)
keybuf = calloc(1,ulDataLen);
keybuf = calloc(1,ulDataLen);
else
keybuf = calloc(1,8); /* pass in dummy buffer */
keybuf = calloc(1,8); /* pass in dummy buffer */
if (!keybuf) {
rv = CKR_HOST_MEMORY;
goto out;
if (!keybuf) {
rv = CKR_HOST_MEMORY;
goto out;
}
/* Now do the actuall derivation */

9
src/pkcs11/pkcs11-global.c
View File

@ -257,11 +257,18 @@ CK_RV C_Initialize(CK_VOID_PTR pInitArgs)
load_pkcs11_parameters(&sc_pkcs11_conf, context);
/* List of sessions */
list_init(&sessions);
if (0 != list_init(&sessions)) {
rv = CKR_HOST_MEMORY;
goto out;
}
list_attributes_seeker(&sessions, session_list_seeker);
/* List of slots */
list_init(&virtual_slots);
if (0 != list_init(&virtual_slots)) {
rv = CKR_HOST_MEMORY;
goto out;
}
list_attributes_seeker(&virtual_slots, slot_list_seeker);
/* Create slots for readers found on initialization, only if in 2.11 mode */

8
src/pkcs11/slot.c
View File

@ -95,10 +95,14 @@ CK_RV create_slot(sc_reader_t *reader)
return CKR_HOST_MEMORY;
list_append(&virtual_slots, slot);
list_init(&slot->objects);
if (0 != list_init(&slot->objects)) {
return CKR_HOST_MEMORY;
}
list_attributes_seeker(&slot->objects, object_list_seeker);
list_init(&slot->logins);
if (0 != list_init(&slot->logins)) {
return CKR_HOST_MEMORY;
}
} else {
/* reuse the old list of logins/objects since they should be empty */
list_t logins = slot->logins;

28
src/pkcs15init/pkcs15-lib.c
View File

@ -203,6 +203,8 @@ get_profile_from_config(struct sc_card *card, char *buffer, size_t size)
blocks = scconf_find_blocks(ctx->conf, ctx->conf_blocks[i],
"card_driver",
card->driver->short_name);
if (!blocks)
continue;
blk = blocks[0];
free(blocks);
if (blk == NULL)
@ -228,18 +230,22 @@ find_library(struct sc_context *ctx, const char *name)
for (i = 0; ctx->conf_blocks[i]; i++) {
blocks = scconf_find_blocks(ctx->conf, ctx->conf_blocks[i], "framework", "pkcs15");
blk = blocks[0];
free(blocks);
if (blk == NULL)
continue;
blocks = scconf_find_blocks(ctx->conf, blk, "pkcs15init", name);
if (!blocks)
continue;
blk = blocks[0];
free(blocks);
if (blk == NULL)
continue;
libname = scconf_get_str(blk, "module", NULL);
break;
}
free(blocks);
if (blk == NULL)
continue;
blocks = scconf_find_blocks(ctx->conf, blk, "pkcs15init", name);
if (!blocks)
continue;
blk = blocks[0];
free(blocks);
if (blk == NULL)
continue;
libname = scconf_get_str(blk, "module", NULL);
break;
}
if (!libname) {
sc_log(ctx, "unable to locate pkcs15init driver for '%s'", name);
}

12
src/scconf/parse.c
View File

@ -107,11 +107,10 @@ static scconf_item *scconf_item_add_internal(scconf_parser * parser, int type)
return item;
}
}
item = malloc(sizeof(scconf_item));
item = calloc(1, sizeof(scconf_item));
if (!item) {
return NULL;
}
memset(item, 0, sizeof(scconf_item));
item->type = type;
item->key = parser->key;
@ -177,12 +176,14 @@ static void scconf_block_add_internal(scconf_parser * parser)
scconf_item *item;
item = scconf_item_add_internal(parser, SCCONF_ITEM_TYPE_BLOCK);
if (!item) {
return;
}
block = malloc(sizeof(scconf_block));
block = calloc(1, sizeof(scconf_block));
if (!block) {
return;
}
memset(block, 0, sizeof(scconf_block));
block->parent = parser->block;
item->value.block = block;
@ -259,6 +260,9 @@ void scconf_parse_token(scconf_parser * parser, int token_type, const char *toke
/* fall through - treat empty lines as comments */
case TOKEN_TYPE_COMMENT:
item = scconf_item_add_internal(parser, SCCONF_ITEM_TYPE_COMMENT);
if (!item) {
return;
}
item->value.comment = token ? strdup(token) : NULL;
break;
case TOKEN_TYPE_STRING:

22
src/scconf/scconf.c
View File

@ -35,13 +35,12 @@ scconf_context *scconf_new(const char *filename)
{
scconf_context *config;
config = malloc(sizeof(scconf_context));
config = calloc(1, sizeof(scconf_context));
if (!config) {
return NULL;
}
memset(config, 0, sizeof(scconf_context));
config->filename = filename ? strdup(filename) : NULL;
config->root = malloc(sizeof(scconf_block));
config->root = calloc(1, sizeof(scconf_block));
if (!config->root) {
if (config->filename) {
free(config->filename);
@ -49,7 +48,6 @@ scconf_context *scconf_new(const char *filename)
free(config);
return NULL;
}
memset(config->root, 0, sizeof(scconf_block));
return config;
}
@ -107,6 +105,8 @@ scconf_block **scconf_find_blocks(const scconf_context * config, const scconf_bl
for (item = block->items; item; item = item->next) {
if (item->type == SCCONF_ITEM_TYPE_BLOCK &&
strcasecmp(item_name, item->key) == 0) {
if (!item->value.block)
continue;
if (key && strcasecmp(key, item->value.block->name->data)) {
continue;
}
@ -207,21 +207,19 @@ scconf_item *scconf_item_copy(const scconf_item * src, scconf_item ** dst)
{
scconf_item *ptr, *_dst = NULL, *next = NULL;
next = malloc(sizeof(scconf_item));
next = calloc(1, sizeof(scconf_item));
if (!next) {
return NULL;
}
memset(next, 0, sizeof(scconf_item));
ptr = next;
_dst = next;
while (src) {
if (!next) {
next = malloc(sizeof(scconf_item));
next = calloc(1, sizeof(scconf_item));
if (!next) {
scconf_item_destroy(ptr);
return NULL;
}
memset(next, 0, sizeof(scconf_item));
_dst->next = next;
}
next->type = src->type;
@ -281,7 +279,7 @@ scconf_block *scconf_block_copy(const scconf_block * src, scconf_block ** dst)
if (src) {
scconf_block *_dst = NULL;
_dst = malloc(sizeof(scconf_block));
_dst = calloc(1, sizeof(scconf_block));
if (!_dst) {
return NULL;
}
@ -311,11 +309,10 @@ scconf_list *scconf_list_add(scconf_list ** list, const char *value)
{
scconf_list *rec, **tmp;
rec = malloc(sizeof(scconf_list));
rec = calloc(1, sizeof(scconf_list));
if (!rec) {
return NULL;
}
memset(rec, 0, sizeof(scconf_list));
rec->data = value ? strdup(value) : NULL;
if (!*list) {
@ -413,11 +410,10 @@ char *scconf_list_strdup(const scconf_list * list, const char *filler)
}
if (len == 0)
return NULL;
buf = malloc(len);
buf = calloc(1, len);
if (!buf) {
return NULL;
}
memset(buf, 0, len);
while (list && list->data) {
strcat(buf, list->data);
if (filler) {

12
src/scconf/sclex.c
View File

@ -45,17 +45,23 @@ static void buf_init(BUFHAN * bp, FILE * fp, const char *saved_string)
bp->fp = fp;
bp->saved_char = 0;
bp->buf = malloc(256);
bp->bufmax = 256;
if (bp->buf) {
bp->bufmax = 256;
bp->buf[0] = '\0';
} else
bp->bufmax = 0;
bp->bufcur = 0;
bp->buf[0] = '\0';
bp->saved_string = saved_string;
}
static void buf_addch(BUFHAN * bp, char ch)
{
if (bp->bufcur >= bp->bufmax) {
char *p = (char *) realloc(bp->buf, bp->bufmax + 256);
if (!p)
return;
bp->bufmax += 256;
bp->buf = (char *) realloc(bp->buf, bp->bufmax);
bp->buf = p;
}
if (bp->buf) {
bp->buf[bp->bufcur++] = ch;

4
src/tools/opensc-tool.c
View File

@ -167,7 +167,7 @@ static int opensc_get_conf_entry(const char *config)
key++;
blocks = scconf_find_blocks(ctx->conf, NULL, section, name);
if (blocks[0])
if (blocks && blocks[0])
conf_block = blocks[0];
free(blocks);
if (conf_block != NULL) {
@ -224,7 +224,7 @@ static int opensc_set_conf_entry(const char *config)
value++;
blocks = scconf_find_blocks(ctx->conf, NULL, section, name);
if (blocks[0])
if (blocks && blocks[0])
conf_block = blocks[0];
free(blocks);
if (conf_block != NULL) {

7
src/tools/piv-tool.c
View File

@ -213,6 +213,9 @@ static int load_cert(const char * cert_id, const char * cert_file,
derlen = i2d_X509(cert, NULL);
der = malloc(derlen);
if (!der) {
goto err;
}
p = der;
i2d_X509(cert, &p);
}
@ -485,6 +488,10 @@ int main(int argc, char * const argv[])
case 's':
opt_apdus = (char **) realloc(opt_apdus,
(opt_apdu_count + 1) * sizeof(char *));
if (!opt_apdus) {
err = 1;
goto end;
}
opt_apdus[opt_apdu_count] = optarg;
do_send_apdu++;
if (opt_apdu_count == 0)

4
src/tools/pkcs11-tool.c
View File

@ -1054,7 +1054,7 @@ static void list_slots(int tokens, int refresh, int print)
p11_slots = calloc(p11_num_slots, sizeof(CK_SLOT_ID));
if (p11_slots == NULL) {
perror("calloc failed");
return;
exit(1);
}
rv = p11->C_GetSlotList(tokens, p11_slots, &p11_num_slots);
@ -4796,7 +4796,7 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session,
encrypted_len = EVP_PKEY_encrypt(encrypted, orig_data, sizeof(orig_data), pkey);
#endif
EVP_PKEY_free(pkey);
if (encrypted_len <= 0) {
if (((int) encrypted_len) <= 0) {
fprintf(stderr, "Encryption failed, returning\n");
return 0;
}

2
src/tools/pkcs15-tool.c
View File

@ -888,6 +888,8 @@ static void print_ssh_key(FILE *outf, const char * alg, struct sc_pkcs15_object
int r;
uu = malloc(len*2); // Way over - even if we have extra LFs; as each 6 bits take one byte.
if (!uu)
return;
if (opt_rfc4716) {
r = sc_base64_encode(buf, len, uu, 2*len, 64);

20
src/tools/sc-hsm-tool.c
View File

@ -250,6 +250,9 @@ static int createShares(const BIGNUM *s, const unsigned char t, const unsigned c
unsigned long i;
secret_share_t *sp;
if (!polynomial)
return -1;
// Set the secret value as the constant part of the polynomial
pp = polynomial;
*pp = BN_new();
@ -310,6 +313,9 @@ static int reconstructSecret(secret_share_t *shares, unsigned char t, const BIGN
secret_share_t *sp_j;
BN_CTX *ctx;
if (!bValue)
return -1;
// Initialize
pbValue = bValue;
for (i = 0; i < t; i++) {
@ -656,15 +662,17 @@ static int recreate_password_from_shares(char **pwd, int *pwdlen, int num_of_pas
return -1;
}
// Allocate data buffer for the shares
shares = malloc(num_of_password_shares * sizeof(secret_share_t));
if (!shares)
return -1;
/*
* Initialize prime and secret
*/
prime = BN_new();
secret = BN_new();
// Allocate data buffer for the shares
shares = malloc(num_of_password_shares * sizeof(secret_share_t));
printf("\nDeciphering the DKEK for import into the SmartCard-HSM requires %i key custodians", num_of_password_shares);
printf("\nto present their share. Only the first key custodian needs to enter the public prime.");
printf("\nPlease remember to present the share id as well as the share value.");
@ -733,14 +741,16 @@ static int recreate_password_from_shares(char **pwd, int *pwdlen, int num_of_pas
ip = (unsigned char *) inbuf;
*pwdlen = BN_bn2bin(secret, ip);
*pwd = calloc(1, *pwdlen);
memcpy(*pwd, ip, *pwdlen);
if (*pwd) {
memcpy(*pwd, ip, *pwdlen);
}
cleanUpShares(shares, num_of_password_shares);
BN_clear_free(prime);
BN_clear_free(secret);
return 0;
return *pwd ? 0 : -1;
}

3
src/tools/westcos-tool.c
View File

@ -106,7 +106,8 @@ static int do_convert_bignum(sc_pkcs15_bignum_t *dst, const BIGNUM *src)
if (src == 0) return 0;
dst->len = BN_num_bytes(src);
dst->data = malloc(dst->len);
BN_bn2bin(src, dst->data);
if (!dst->data) return 0;
if (!BN_bn2bin(src, dst->data)) return 0;
return 1;
}