From 73715e37d92f60b4afbc6c608cbc281313781eb1 Mon Sep 17 00:00:00 2001 From: Frank Morgner Date: Sun, 7 Dec 2014 17:19:57 +0100 Subject: [PATCH] fixed compiler warnings fixed warnings introduced with b18c86e64621fa61555831802d9cd597e24e0ebc fixes memory leaks in pkcs15-init and pkcs15-tool --- src/tools/pkcs15-init.c | 60 ++++++++++++++++++++++++++-------------- src/tools/pkcs15-tool.c | 50 ++++++++++++++++++++++----------- src/tools/sc-hsm-tool.c | 16 ++++------- src/tools/westcos-tool.c | 10 +++---- 4 files changed, 83 insertions(+), 53 deletions(-) diff --git a/src/tools/pkcs15-init.c b/src/tools/pkcs15-init.c index b3d00581..52b78276 100644 --- a/src/tools/pkcs15-init.c +++ b/src/tools/pkcs15-init.c @@ -348,8 +348,9 @@ static char * opt_puk_label = NULL; static char * opt_pubkey_label = NULL; static char * opt_cert_label = NULL; static const char * opt_pins[4]; +static char * pins[4]; static char * opt_serial = NULL; -static char * opt_passphrase = NULL; +static const char * opt_passphrase = NULL; static char * opt_newkey = NULL; static char * opt_outkey = NULL; static char * opt_application_id = NULL; @@ -458,6 +459,10 @@ main(int argc, char **argv) return 1; } + for (n = 0; n < sizeof pins; n++) { + pins[n] = NULL; + } + for (n = 0; n < ACTION_MAX; n++) { unsigned int action = n; @@ -577,6 +582,10 @@ main(int argc, char **argv) } } + for (n = 0; n < sizeof pins; n++) { + free(pins[n]); + } + out: if (profile) { sc_pkcs15init_unbind(profile); @@ -754,9 +763,10 @@ do_init_app(struct sc_profile *profile) if (!opt_pins[2] && !opt_no_prompt && !opt_no_sopin) { - r = get_new_pin(&hints, role, "pin", &opt_pins[2]); + r = get_new_pin(&hints, role, "pin", &pins[2]); if (r < 0) goto failed; + opt_pins[2] = pins[2]; } if (!so_puk_disabled && opt_pins[2] && !opt_pins[3] && !opt_no_prompt) { @@ -766,9 +776,10 @@ do_init_app(struct sc_profile *profile) role = "user"; hints.flags |= SC_UI_PIN_OPTIONAL; - r = get_new_pin(&hints, role, "puk", &opt_pins[3]); + r = get_new_pin(&hints, role, "puk", &pins[3]); if (r < 0) goto failed; + opt_pins[3] = pins[3]; } args.so_pin = (const u8 *) opt_pins[2]; @@ -819,9 +830,11 @@ do_store_pin(struct sc_profile *profile) } sc_pkcs15init_get_pin_info(profile, SC_PKCS15INIT_USER_PIN, &info); - if (opt_pins[0] == NULL) - if ((r = get_new_pin(&hints, "user", "pin", &opt_pins[0])) < 0) + if (opt_pins[0] == NULL) { + if ((r = get_new_pin(&hints, "user", "pin", &pins[0])) < 0) goto failed; + opt_pins[0] = pins[0]; + } if (*opt_pins[0] == '\0') { util_error("You must specify a PIN\n"); @@ -839,9 +852,9 @@ do_store_pin(struct sc_profile *profile) sc_pkcs15init_get_pin_info(profile, SC_PKCS15INIT_USER_PUK, &info); hints.flags |= SC_UI_PIN_OPTIONAL; - if ((r = get_new_pin(&hints, "user", "puk", &opt_pins[1])) < 0) + if ((r = get_new_pin(&hints, "user", "puk", &pins[1])) < 0) goto failed; - + opt_pins[1] = pins[1]; } if (opt_puk_authid && opt_pins[1]) @@ -1693,19 +1706,19 @@ get_pin_callback(struct sc_profile *profile, switch (id) { case SC_PKCS15INIT_USER_PIN: name = "User PIN"; - secret = opt_pins[OPT_PIN1 & 3]; + secret = (char *) opt_pins[OPT_PIN1 & 3]; break; case SC_PKCS15INIT_USER_PUK: name = "User PIN unlock key"; - secret = opt_pins[OPT_PUK1 & 3]; + secret = (char *) opt_pins[OPT_PUK1 & 3]; break; case SC_PKCS15INIT_SO_PIN: name = "Security officer PIN"; - secret = opt_pins[OPT_PIN2 & 3]; + secret = (char *) opt_pins[OPT_PIN2 & 3]; break; case SC_PKCS15INIT_SO_PUK: name = "Security officer PIN unlock key"; - secret = opt_pins[OPT_PUK2 & 3]; + secret = (char *) opt_pins[OPT_PUK2 & 3]; break; } } @@ -1713,22 +1726,22 @@ get_pin_callback(struct sc_profile *profile, if (!(info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN) && !(info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)) { name = "User PIN"; - secret = opt_pins[OPT_PIN1 & 3]; + secret = (char *) opt_pins[OPT_PIN1 & 3]; } else if (!(info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN) && (info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)) { name = "User PUK"; - secret = opt_pins[OPT_PUK1 & 3]; + secret = (char *) opt_pins[OPT_PUK1 & 3]; } else if ((info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN) && !(info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)) { name = "Security officer PIN"; - secret = opt_pins[OPT_PIN2 & 3]; + secret = (char *) opt_pins[OPT_PIN2 & 3]; } else if ((info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN) && (info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)) { name = "Security officer PIN unlock key"; - secret = opt_pins[OPT_PUK2 & 3]; + secret = (char *) opt_pins[OPT_PUK2 & 3]; } } if (secret) @@ -1997,7 +2010,7 @@ do_read_private_key(const char *filename, const char *format, int r; if (opt_passphrase) - passphrase = opt_passphrase; + passphrase = (char *) opt_passphrase; if (!format || !strcasecmp(format, "pem")) { r = do_read_pem_private_key(filename, passphrase, pk); @@ -2026,8 +2039,12 @@ do_read_private_key(const char *filename, const char *format, return SC_ERROR_NOT_SUPPORTED; } + if (NULL == opt_passphrase) + free(passphrase); + if (r < 0) util_fatal("Unable to read private key from %s\n", filename); + return r; } @@ -2157,7 +2174,7 @@ static size_t determine_filesize(const char *filename) static int do_read_data_object(const char *name, u8 **out, size_t *outlen) { - FILE *inf; + FILE *inf; size_t filesize = determine_filesize(name); int c; @@ -2452,8 +2469,6 @@ handle_option(const struct option *opt) opt_serial = optarg; break; case OPT_PASSPHRASE: - free(opt_passphrase); - opt_passphrase = NULL; util_get_pin(optarg, &opt_passphrase); break; case OPT_PUBKEY: @@ -2773,7 +2788,7 @@ static int verify_pin(struct sc_pkcs15_card *p15card, char *auth_id_str) { struct sc_pkcs15_object *pin_obj = NULL; char pin_label[64]; - char *pin; + char *pin = NULL; int r; if (!auth_id_str) { @@ -2817,7 +2832,7 @@ static int verify_pin(struct sc_pkcs15_card *p15card, char *auth_id_str) } if (opt_pins[0] != NULL) { - pin = opt_pins[0]; + pin = (char *) opt_pins[0]; } else { sc_ui_hints_t hints; @@ -2844,5 +2859,8 @@ static int verify_pin(struct sc_pkcs15_card *p15card, char *auth_id_str) if (r < 0) fprintf(stderr, "Operation failed: %s\n", sc_strerror(r)); + if (NULL == opt_pins[0]) + free(pin); + return r; } diff --git a/src/tools/pkcs15-tool.c b/src/tools/pkcs15-tool.c index e5689fc0..603a7534 100644 --- a/src/tools/pkcs15-tool.c +++ b/src/tools/pkcs15-tool.c @@ -52,9 +52,9 @@ static char * opt_data = NULL; static char * opt_pubkey = NULL; static char * opt_outfile = NULL; static char * opt_bind_to_aid = NULL; -static const u8 * opt_newpin = NULL; -static const u8 * opt_pin = NULL; -static const u8 * opt_puk = NULL; +static const char * opt_newpin = NULL; +static const char * opt_pin = NULL; +static const char * opt_puk = NULL; static int verbose = 0; static int opt_no_prompt = 0; @@ -1116,7 +1116,7 @@ static int verify_pin(void) } if (opt_pin != NULL) - pin = opt_pin; + pin = (unsigned char *) opt_pin; else pin = get_pin("Please enter PIN", pin_obj); @@ -1127,13 +1127,16 @@ static int verify_pin(void) return -1; } + if (opt_pin == NULL) + free(pin); + return 0; } static int authenticate(sc_pkcs15_object_t *obj) { sc_pkcs15_object_t *pin_obj; - u8 *pin; + u8 *pin = NULL; int r; if (obj->auth_id.len == 0) @@ -1143,11 +1146,16 @@ static int authenticate(sc_pkcs15_object_t *obj) return r; if (opt_pin != NULL) - pin = opt_pin; + pin = (u8 *) opt_pin; else pin = get_pin("Please enter PIN", pin_obj); - return sc_pkcs15_verify_pin(p15card, pin_obj, pin, pin? strlen((char *) pin) : 0); + r = sc_pkcs15_verify_pin(p15card, pin_obj, pin, pin? strlen((char *) pin) : 0); + + if (opt_pin == NULL) + free(pin); + + return r; } static void print_pin_info(const struct sc_pkcs15_object *obj) @@ -1307,7 +1315,7 @@ static int unblock_pin(void) if (pinfo->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN) return 1; - puk = opt_puk; + puk = (u8 *) opt_puk; if (puk == NULL) { sc_pkcs15_object_t *puk_obj = NULL; @@ -1338,7 +1346,7 @@ static int unblock_pin(void) printf("PUK value will be prompted with pinpad.\n"); /* FIXME should OPENSSL_cleanse on pin/puk data */ - pin = opt_pin ? opt_pin : opt_newpin; + pin = opt_pin ? (u8 *) opt_pin : (u8 *) opt_newpin; while (pin == NULL) { u8 *pin2; @@ -1365,7 +1373,12 @@ static int unblock_pin(void) r = sc_pkcs15_unblock_pin(p15card, pin_obj, puk, puk ? strlen((char *) puk) : 0, pin, pin ? strlen((char *) pin) : 0); - /* FIXME must free the puk somewhere */ + + if (NULL == opt_puk) + free(puk); + if (NULL == opt_pin && NULL == opt_newpin) + free(pin); + if (r == SC_ERROR_PIN_CODE_INCORRECT) { fprintf(stderr, "PUK code incorrect; tries left: %d\n", pinfo->tries_left); return 3; @@ -1405,7 +1418,7 @@ static int change_pin(void) } } - pincode = opt_pin; + pincode = (u8 *) opt_pin; if (pincode == NULL) { pincode = get_pin("Enter old PIN", pin_obj); if (!pinpad_present && pincode == NULL) @@ -1420,7 +1433,7 @@ static int change_pin(void) if (pincode == NULL && verbose) printf("Old PIN value will be prompted with pinpad.\n"); - newpin = opt_newpin; + newpin = (u8 *) opt_newpin; while (newpin == NULL) { u8 *newpin2; @@ -1459,7 +1472,12 @@ static int change_pin(void) } if (verbose) printf("PIN code changed successfully.\n"); - /* FIXME must free the pincode somewhere */ + + if (opt_pin == NULL) + free(pincode); + if (opt_newpin == NULL) + free(newpin); + return 0; } @@ -1890,13 +1908,13 @@ int main(int argc, char * const argv[]) opt_reader = optarg; break; case OPT_PIN: - util_get_pin(optarg, (const u8 **) &opt_pin); + util_get_pin(optarg, &opt_pin); break; case OPT_NEWPIN: - util_get_pin(optarg, (const u8 **) &opt_newpin); + util_get_pin(optarg, &opt_newpin); break; case OPT_PUK: - util_get_pin(optarg, (const u8 **) &opt_puk); + util_get_pin(optarg, &opt_puk); break; case 'o': opt_outfile = optarg; diff --git a/src/tools/sc-hsm-tool.c b/src/tools/sc-hsm-tool.c index 2d173a0e..ac94aa90 100644 --- a/src/tools/sc-hsm-tool.c +++ b/src/tools/sc-hsm-tool.c @@ -664,7 +664,7 @@ static int recreate_password_from_shares(char **pwd, int *pwdlen, int num_of_pas -static int import_dkek_share(sc_card_t *card, const char *inf, int iter, char *password, int num_of_password_shares) +static int import_dkek_share(sc_card_t *card, const char *inf, int iter, const char *password, int num_of_password_shares) { sc_cardctl_sc_hsm_dkek_t dkekinfo; EVP_CIPHER_CTX ctx; @@ -712,7 +712,7 @@ static int import_dkek_share(sc_card_t *card, const char *inf, int iter, char *p } } else { - pwd = password; + pwd = (char *) password; pwdlen = strlen(password); } @@ -904,7 +904,7 @@ static int generate_pwd_shares(sc_card_t *card, char **pwd, int *pwdlen, int pas -static int create_dkek_share(sc_card_t *card, const char *outf, int iter, char *password, int password_shares_threshold, int password_shares_total) +static int create_dkek_share(sc_card_t *card, const char *outf, int iter, const char *password, int password_shares_threshold, int password_shares_total) { EVP_CIPHER_CTX ctx; FILE *out = NULL; @@ -927,7 +927,7 @@ static int create_dkek_share(sc_card_t *card, const char *outf, int iter, char * } } else { - pwd = password; + pwd = (char *) password; pwdlen = strlen(password); } @@ -1439,7 +1439,7 @@ int main(int argc, char * const argv[]) const char *opt_so_pin = NULL; const char *opt_pin = NULL; const char *opt_filename = NULL; - char *opt_password = NULL; + const char *opt_password = NULL; int opt_retry_counter = 3; int opt_dkek_shares = -1; int opt_key_reference = -1; @@ -1484,18 +1484,12 @@ int main(int argc, char * const argv[]) action_count++; break; case OPT_PASSWORD: - free(opt_password); - opt_password = NULL; util_get_pin(optarg, &opt_password); break; case OPT_SO_PIN: - free(opt_so_pin); - opt_so_pin = NULL; util_get_pin(optarg, &opt_so_pin); break; case OPT_PIN: - free(opt_pin); - opt_pin = NULL; util_get_pin(optarg, &opt_pin); break; case OPT_RETRY: diff --git a/src/tools/westcos-tool.c b/src/tools/westcos-tool.c index 83ece8e8..54a5d65d 100644 --- a/src/tools/westcos-tool.c +++ b/src/tools/westcos-tool.c @@ -126,7 +126,7 @@ static void print_openssl_error(void) printf("%s\n", ERR_error_string(r, NULL)); } -static int verify_pin(sc_card_t *card, int pin_reference, char *pin_value) +static int verify_pin(sc_card_t *card, int pin_reference, const char *pin_value) { int r, tries_left = -1; struct sc_pin_cmd_data data; @@ -178,8 +178,8 @@ static int verify_pin(sc_card_t *card, int pin_reference, char *pin_value) static int change_pin(sc_card_t *card, int pin_reference, - char *pin_value1, - char *pin_value2) + const char *pin_value1, + const char *pin_value2) { int r, tries_left = -1; struct sc_pin_cmd_data data; @@ -236,8 +236,8 @@ static int change_pin(sc_card_t *card, static int unlock_pin(sc_card_t *card, int pin_reference, - char *puk_value, - char *pin_value) + const char *puk_value, + const char *pin_value) { int r, tries_left = -1; struct sc_pin_cmd_data data;