Merge pull request #554 from frankmorgner/fixes

Some more fixes for problems reported by Coverity scan
2015-09-25 11:13:17 +02:00 · 2015-09-25 11:13:17 +02:00 · 7120a9b549
parent 4814863d18 1e2a42dae5
commit 7120a9b549
18 changed files with 49 additions and 29 deletions
--- a/src/libopensc/card-authentic.c
+++ b/src/libopensc/card-authentic.c
@ -1577,7 +1577,6 @@ authentic_pin_reset(struct sc_card *card, struct sc_pin_cmd_data *data, int *tri
 {
 	struct sc_context *ctx = card->ctx;
 	struct authentic_private_data *prv_data = (struct authentic_private_data *) card->drv_data;
-	struct sc_file *save_current = NULL;
 	struct sc_pin_cmd_data pin_cmd, puk_cmd;
 	struct sc_apdu apdu;
 	unsigned reference;
@ -1653,10 +1652,6 @@ authentic_pin_reset(struct sc_card *card, struct sc_pin_cmd_data *data, int *tri
 		LOG_TEST_RET(ctx, rv, "Failed to set PIN with pin-pad");
 	}

-	if (save_current)   {
-		rv = authentic_select_file(card, &save_current->path, NULL);
-		LOG_TEST_RET(ctx, rv, "Cannot return to saved PATH");
-	}
 	LOG_FUNC_RETURN(ctx, rv);
 }

--- a/src/libopensc/card-dnie.c
+++ b/src/libopensc/card-dnie.c
@ -637,12 +637,12 @@ static unsigned long le2ulong(u8 * pt)
 */
 static u8 *dnie_uncompress(sc_card_t * card, u8 * from, size_t *len)
 {
-	int res = SC_SUCCESS;
 	u8 *upt = from;
+#ifdef ENABLE_ZLIB
+	int res = SC_SUCCESS;
 	size_t uncompressed = 0L;
 	size_t compressed = 0L;

-#ifdef ENABLE_ZLIB
 	if (!card || !card->ctx || !from || !len)
 		return NULL;
 	LOG_FUNC_CALLED(card->ctx);
--- a/src/libopensc/card-iasecc.c
+++ b/src/libopensc/card-iasecc.c
@ -2166,7 +2166,7 @@ iasecc_pin_get_policy (struct sc_card *card, struct sc_pin_cmd_data *data)
 	if (sdo.docp.acls_contact.size == 0)
 		LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Extremely strange ... there is no ACLs");

-	sc_log(ctx, "iasecc_pin_get_policy() sdo.docp.size.size %i %02X:%02X", sdo.docp.size.size, *(sdo.docp.size.value + 0),  *(sdo.docp.size.value + 1));
+	sc_log(ctx, "iasecc_pin_get_policy() sdo.docp.size.size %i", sdo.docp.size.size);
 	for (ii=0; ii<sizeof(sdo.docp.scbs); ii++)   {
 		struct iasecc_se_info se;
 		unsigned char scb = sdo.docp.scbs[ii];
@ -3357,7 +3357,7 @@ iasecc_compute_signature(struct sc_card *card,

 static int
 iasecc_read_public_key(struct sc_card *card, unsigned type,
-		struct sc_path *key_path, unsigned ref, size_t size,
+		struct sc_path *key_path, unsigned ref, unsigned size,
 		unsigned char **out, size_t *out_len)
 {
 	struct sc_context *ctx = card->ctx;
--- a/src/libopensc/card-oberthur.c
+++ b/src/libopensc/card-oberthur.c
@ -185,7 +185,7 @@ auth_select_aid(struct sc_card *card)
 	memcpy(card->serialnr.value, apdu.resp+15, 4);

 	for (ii=0, data->sn = 0; ii < 4; ii++)
-		data->sn += (int)(*(apdu.resp + 15 + ii)) << (3-ii)*8;
+		data->sn += (long int)(*(apdu.resp + 15 + ii)) << (3-ii)*8;

 	sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "serial number %li/0x%lX\n", data->sn, data->sn);

--- a/src/libopensc/card-openpgp.c
+++ b/src/libopensc/card-openpgp.c
@ -2241,6 +2241,8 @@ pgp_build_extended_header_list(sc_card_t *card, sc_cardctl_openpgp_keystore_info
 	if (key_info->e_len < req_e_len) {
 		/* Create new buffer */
 		p = calloc(req_e_len, 1);
+		if (!p)
+			LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_ENOUGH_MEMORY);
 		memcpy(p + req_e_len - key_info->e_len, key_info->e, key_info->e_len);
 		key_info->e_len = req_e_len;
 		/* Set key_info->e to new buffer */
--- a/src/libopensc/card-piv.c
+++ b/src/libopensc/card-piv.c
@ -1391,7 +1391,6 @@ static const EVP_CIPHER *get_cipher_for_algo(int alg_id)
 		default: return NULL;
 	}
 }
-#endif

 static int get_keylen(unsigned int alg_id, size_t *size)
 {
@ -1450,9 +1449,17 @@ static int piv_get_key(sc_card_t *card, unsigned int alg_id, u8 **key, size_t *l
 		goto err;
 	}

-	fseek(f, 0L, SEEK_END);
+	if (0 > fseek(f, 0L, SEEK_END))
+		r = SC_ERROR_INTERNAL;
 	fsize = ftell(f);
-	fseek(f, 0L, SEEK_SET);
+	if (0 > (long) fsize)
+		r = SC_ERROR_INTERNAL;
+	if (0 > fseek(f, 0L, SEEK_SET))
+		r = SC_ERROR_INTERNAL;
+	if(r) {
+		sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not read %s\n", keyfilename);
+		goto err;
+	}

 	keybuf = malloc(fsize+1); /* if not binary, need null to make it a string */
 	if (!keybuf) {
@ -1508,6 +1515,7 @@ err:
 	SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r);
 	return r;
 }
+#endif

 /*
 * will only deal with 3des for now
--- a/src/libopensc/card-westcos.c
+++ b/src/libopensc/card-westcos.c
@ -1097,12 +1097,12 @@ static int westcos_sign_decipher(int mode, sc_card_t *card,
 				 size_t outlen)
 {
 	int r;
+	sc_file_t *keyfile = sc_file_new();
+#ifdef ENABLE_OPENSSL
 	int idx = 0;
 	u8 buf[180];
-	sc_file_t *keyfile = sc_file_new();
 	priv_data_t *priv_data = NULL;
 	int pad;
-#ifdef ENABLE_OPENSSL
 	RSA *rsa = NULL;
 	BIO *mem = BIO_new(BIO_s_mem());
 #endif
@ -1234,8 +1234,8 @@ out:
 		BIO_free(mem);
 	if (rsa)
 		RSA_free(rsa);
-#endif /* ENABLE_OPENSSL */
 out2:
+#endif /* ENABLE_OPENSSL */
 	if (keyfile)
 		sc_file_free(keyfile);
 	return r;
--- a/src/libopensc/ctbcs.c
+++ b/src/libopensc/ctbcs.c
@ -143,6 +143,8 @@ ctbcs_build_modify_verification_apdu(sc_apdu_t *apdu, struct sc_pin_cmd_data *da
 		return SC_ERROR_BUFFER_TOO_SMALL;

 	j = count;
+	if (j + 2 > buflen)
+		return SC_ERROR_BUFFER_TOO_SMALL;
 	buf[j++] = CTBCS_TAG_VERIFY_CMD;
 	buf[j++] = 0x00;

@ -154,6 +156,8 @@ ctbcs_build_modify_verification_apdu(sc_apdu_t *apdu, struct sc_pin_cmd_data *da
 		return SC_ERROR_INVALID_ARGUMENTS;
 	if (data->pin1.min_length == data->pin1.max_length)
 		control |= data->pin1.min_length << CTBCS_PIN_CONTROL_LEN_SHIFT;
+	if (j + 7 > buflen)
+		return SC_ERROR_BUFFER_TOO_SMALL;
 	buf[j++] = control;
 	buf[j++] = data->pin1.offset+1; /* Looks like offset is 1-based in CTBCS */
 	buf[j++] = data->pin2.offset+1;
@ -170,6 +174,8 @@ ctbcs_build_modify_verification_apdu(sc_apdu_t *apdu, struct sc_pin_cmd_data *da
 		memset(buf+j, data->pin1.pad_char, len);
 		j += len;
 	}
+	if (count > buflen)
+		return SC_ERROR_BUFFER_TOO_SMALL;
 	buf[count+1] = j - count - 2;
 	count = j;

--- a/src/libopensc/muscle.c
+++ b/src/libopensc/muscle.c
@ -601,7 +601,9 @@ int msc_extract_rsa_public_key(sc_card_t *card,
 	if(buffer[0] != MSC_RSA_PUBLIC) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED);
 	*modLength = (buffer[3] << 8) | buffer[4];
 	/* Read the modulus and the exponent length */
-	
+
+	if (*modLength + 2 > sizeof buffer)
+		SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY);
 	r = msc_read_object(card, inputId, fileLocation, buffer, *modLength + 2);
 	fileLocation += *modLength + 2;
 	if(r < 0) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r);
--- a/src/libopensc/pkcs15-gemsafeV1.c
+++ b/src/libopensc/pkcs15-gemsafeV1.c
@ -256,6 +256,8 @@ static int gemsafe_get_cert_len(sc_card_t *card)
 				return SC_SUCCESS;
 			}
 			/* DER cert len is encoded this way */
+			if (ind+3 >= sizeof ibuf)
+				return SC_ERROR_INVALID_DATA;
 			certlen = ((((size_t) ibuf[ind+2]) << 8) | ibuf[ind+3]) + 4;
 			sc_log(card->ctx, "Found certificate of key container %d at offset %d, len %d", i+1, ind, certlen);
 			gemsafe_cert[i].index = ind;
--- a/src/libopensc/pkcs15-itacns.c
+++ b/src/libopensc/pkcs15-itacns.c
@ -199,8 +199,8 @@ static int itacns_add_cert(sc_pkcs15_card_t *p15card,
 	sc_pkcs15_object_t    obj;
 #ifdef ENABLE_OPENSSL
 	X509 *x509;
-#endif
 	sc_pkcs15_cert_t *cert;
+#endif

 	SC_FUNC_CALLED(p15card->card->ctx, 1);
 	
--- a/src/libopensc/pkcs15-tccardos.c
+++ b/src/libopensc/pkcs15-tccardos.c
@ -212,6 +212,7 @@ static int parse_EF_CardInfo(sc_pkcs15_card_t *p15card)
 	u8     *p1, *p2;
 	size_t key_num, i;
 	struct sc_context *ctx = p15card->card->ctx;
+	size_t offset;

 	/* read EF_CardInfo1 */
 	r = read_file(p15card->card, "3F001003b200", info1, &info1_len);
@ -227,7 +228,10 @@ static int parse_EF_CardInfo(sc_pkcs15_card_t *p15card)
 	sc_debug(ctx, SC_LOG_DEBUG_NORMAL,
 		"found %d private keys\n", (int)key_num);
 	/* set p1 to the address of the first key descriptor */
-	p1 = info1 + (info1_len - 4 - key_num * 2);
+	offset = info1_len - 4 - key_num * 2;
+	if (offset >= sizeof info1)
+		return SC_ERROR_INVALID_DATA;
+	p1 = info1 + offset;
 	p2 = info2;
 	for (i=0; i<key_num; i++) {
 		u8   pinId, keyId, cert_count;
--- a/src/pkcs15init/pkcs15-cardos.c
+++ b/src/pkcs15init/pkcs15-cardos.c
@ -409,7 +409,7 @@ static int
 cardos_delete_object(sc_profile_t *profile, struct sc_pkcs15_card *p15card,
 		struct sc_pkcs15_object *obj, const struct sc_path *path)
 {
-	int r, stored_in_ef = 0, algorithm = 0;
+	int r = SC_SUCCESS, stored_in_ef = 0, algorithm = 0;
 	size_t keybits;
 	sc_file_t *file = NULL;
 	struct sc_pkcs15_prkey_info *key_info;
--- a/src/pkcs15init/pkcs15-isoApplet.c
+++ b/src/pkcs15init/pkcs15-isoApplet.c
@ -186,7 +186,7 @@ isoApplet_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t

 	LOG_FUNC_CALLED(card->ctx);

-	if(!profile || !p15card || !df || !p15card->card || !p15card->card->ctx)
+	if(!profile || !df || !p15card->card->ctx)
 	{
 		LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS);
 	}
@ -265,7 +265,7 @@ isoApplet_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t

 	LOG_FUNC_CALLED(card->ctx);

-	if(!pin || !pin_len || !p15card || !p15card->card || !df || !&df->path)
+	if(!pin || !pin_len || !df || !&df->path)
 	{
 		LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS);
 	}
--- a/src/pkcs15init/pkcs15-lib.c
+++ b/src/pkcs15init/pkcs15-lib.c
@ -2237,6 +2237,9 @@ int
 sc_pkcs15init_select_intrinsic_id(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
 		int type, struct sc_pkcs15_id *id_out, void *data)
 {
+#ifndef ENABLE_OPENSSL
+	LOG_FUNC_RETURN(p15card->card->ctx, SC_SUCCESS);
+#else
 	struct sc_context *ctx = p15card->card->ctx;
 	struct sc_pkcs15_pubkey *pubkey = NULL;
 	unsigned id_style;
@ -2246,9 +2249,7 @@ sc_pkcs15init_select_intrinsic_id(struct sc_pkcs15_card *p15card, struct sc_prof
 	int rv, allocated = 0;

 	LOG_FUNC_CALLED(ctx);
-#ifndef ENABLE_OPENSSL
-	LOG_FUNC_RETURN(ctx, SC_SUCCESS);
-#else
+
 	if (!id_out || !profile)
 		LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS);

--- a/src/pkcs15init/pkcs15-oberthur.c
+++ b/src/pkcs15init/pkcs15-oberthur.c
@ -760,6 +760,7 @@ cosm_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
 }


+#ifdef ENABLE_OPENSSL
 static int
 cosm_emu_update_dir (struct sc_profile *profile, struct sc_pkcs15_card *p15card,
 		struct sc_app_info *info)
@ -778,7 +779,6 @@ cosm_emu_update_any_df(struct sc_profile *profile, struct sc_pkcs15_card *p15car
 	int rv = SC_ERROR_NOT_SUPPORTED;

 	SC_FUNC_CALLED(ctx, 1);
-#ifdef ENABLE_OPENSSL
 	switch(op)   {
 	case SC_AC_OP_ERASE:
 		sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Update DF; erase object('%s',type:%X)", object->label, object->type);
@ -789,7 +789,6 @@ cosm_emu_update_any_df(struct sc_profile *profile, struct sc_pkcs15_card *p15car
 		rv = awp_update_df_create(p15card, profile, object);
 		break;
 	}
-#endif
 	SC_FUNC_RETURN(ctx, 1, rv);
 }

@ -847,6 +846,7 @@ cosm_emu_write_info(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
 	/* No OpenSC Info file in the native Oberthur card */
 	SC_FUNC_RETURN(p15card->card->ctx, 1, SC_SUCCESS);
 }
+#endif


 static struct sc_pkcs15init_operations
--- a/src/scconf/parse.c
+++ b/src/scconf/parse.c
@ -270,7 +270,7 @@ void scconf_parse_token(scconf_parser * parser, int token_type, const char *toke
 				scconf_parse_warning_expect(parser, ";");
 				scconf_parse_reset_state(parser);
 			}
-			if (*token == '"') {
+			if (token && *token == '"') {
 				/* quoted string, remove them */
 				token++;
 				len = strlen(token);
--- a/src/tools/pkcs15-tool.c
+++ b/src/tools/pkcs15-tool.c
@ -835,7 +835,7 @@ static void print_ssh_key(FILE *outf, const char * alg, struct sc_pkcs15_object
 			return;

 		if (obj->label && strlen(obj->label)) 
-			fprintf(outf,"ssh-%s %s %s\n", alg, uu, obj->label);
+			fprintf(outf,"ssh-%s %s %.*s\n", alg, uu, sizeof obj->label, obj->label);
 		else
 			fprintf(outf,"ssh-%s %s\n", alg, uu);
 	}