From 6f0f42c5068f951a21274a26f8abc0b9326ea245 Mon Sep 17 00:00:00 2001
From: Frank Morgner
Date: Wed, 12 Dec 2018 16:49:16 +0100
Subject: [PATCH] fixed use of uninitialized data

When card->sm_ctx.ops.free_sm_apdu gets called in sc_sm_single_transmit with a prior transmission error, then `sm_encrypt` still tries to decrypt the response and hence, accesses the previously uninitialized `resp`.
---
 src/sm/sm-iso.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/sm/sm-iso.c b/src/sm/sm-iso.c
index b9c14569..299e8781 100644
--- a/src/sm/sm-iso.c
+++ b/src/sm/sm-iso.c
@@ -491,7 +491,7 @@ static int sm_encrypt(const struct iso_sm_ctx *ctx, sc_card_t *card,
 sm_apdu->resplen = SC_MAX_APDU_BUFFER_SIZE;
 #endif
 }
- resp_data = malloc(sm_apdu->resplen);
+ resp_data = calloc(sm_apdu->resplen);
 if (!resp_data) {
 r = SC_ERROR_OUT_OF_MEMORY;
 goto err;
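Review bot: The added `calloc(sm_apdu->resplen)` passes one argument, but calloc takes an element count and an element size, so this line will not compile against the standard `<stdlib.h>` prototype; it should read `resp_data = calloc(1, sm_apdu->resplen);`. The zero fill is the whole point of the change: per the commit message, the response buffer is still decrypted after a failed transmission, so it must hold defined bytes rather than stale heap contents. A short comment above the allocation would keep a later cleanup from reverting it to malloc, for example `/* zeroed: the buffer is still parsed when the transmit failed */`. sm_encrypt starts and ends outside this hunk, so whether the decrypt step should also be skipped on a transmit error cannot be judged from here.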