diff --git a/src/libopensc/asn1.c b/src/libopensc/asn1.c
index 3262ed80..dffe9920 100644
--- a/src/libopensc/asn1.c
+++ b/src/libopensc/asn1.c
@@ -1225,6 +1225,8 @@ static int asn1_encode_se_info(sc_context_t *ctx,
 if (ret != SC_SUCCESS)
 goto err;
+ if (!ptrlen)
+ continue;
 p = (unsigned char *) realloc(out, outlen + ptrlen);
 if (!p) {
 ret = SC_ERROR_OUT_OF_MEMORY;
diff --git a/src/libopensc/card-sc-hsm.c b/src/libopensc/card-sc-hsm.c
index aaae65c2..ac4d1e9a 100644
--- a/src/libopensc/card-sc-hsm.c
+++ b/src/libopensc/card-sc-hsm.c
@@ -520,6 +520,10 @@ static int sc_hsm_perform_chip_authentication(sc_card_t *card)
 r = sc_read_binary(card, 0, all_certs, all_certs_len, 0);
 if (r < 0)
 goto err;
+ if (r == 0) {
+ r = SC_ERROR_FILE_NOT_FOUND;
+ goto err;
+ }
 all_certs_len = r;
diff --git a/src/libopensc/dir.c b/src/libopensc/dir.c
index 9e6263fb..b6c9b646 100644
--- a/src/libopensc/dir.c
+++ b/src/libopensc/dir.c
@@ -307,6 +307,8 @@ static int update_transparent(sc_card_t *card, sc_file_t *file)
 free(buf);
 return r;
 }
+ if (!rec_size)
+ continue;
 tmp = (u8 *) realloc(buf, buf_size + rec_size);
 if (!tmp) {
 if (rec)
diff --git a/src/libopensc/pkcs15.c b/src/libopensc/pkcs15.c
index 8c4dc7ae..823b236b 100644
--- a/src/libopensc/pkcs15.c
+++ b/src/libopensc/pkcs15.c
@@ -1983,6 +1983,8 @@ sc_pkcs15_encode_df(struct sc_context *ctx, struct sc_pkcs15_card *p15card, stru
 free(buf);
 return r;
 }
+ if (!tmpsize)
+ continue;
 p = (u8 *) realloc(buf, bufsize + tmpsize);
 if (!p) {
 free(tmp);
diff --git a/src/libopensc/sc.c b/src/libopensc/sc.c
index b18c937f..19407a10 100644
--- a/src/libopensc/sc.c
+++ b/src/libopensc/sc.c
@@ -672,7 +672,7 @@ int sc_file_set_prop_attr(sc_file_t *file, const u8 *prop_attr,
 return SC_ERROR_INVALID_ARGUMENTS;
 }
- if (prop_attr == NULL) {
+ if (prop_attr == NULL || prop_attr_len == 0) {
 if (file->prop_attr != NULL)
 free(file->prop_attr);
 file->prop_attr = NULL;
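Review bot: In asn1_encode_se_info (src/libopensc/asn1.c) the new `if (!ptrlen) continue;` leaves the loop iteration before whatever releases `ptr`, so a non-NULL buffer handed back together with a zero length would leak; the release code lies outside the hunk, so this is inferred rather than shown. The same early `continue` is added in update_transparent (dir.c, buffer `rec`) and sc_pkcs15_encode_df (pkcs15.c, buffer `tmp`), where the visible realloc-failure paths do free those buffers. Releasing before skipping, e.g. `if (!ptrlen) { free(ptr); ptr = NULL; continue; }`, keeps the zero-size realloc guard without relying on the encoder returning NULL for empty output. All three function bodies start and end outside their hunks.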
@@ -702,7 +702,7 @@ int sc_file_set_type_attr(sc_file_t *file, const u8 *type_attr,
 return SC_ERROR_INVALID_ARGUMENTS;
 }
- if (type_attr == NULL) {
+ if (type_attr == NULL || type_attr_len == 0) {
 if (file->type_attr != NULL)
 free(file->type_attr);
 file->type_attr = NULL;
@@ -733,7 +733,7 @@ int sc_file_set_content(sc_file_t *file, const u8 *content,
 return SC_ERROR_INVALID_ARGUMENTS;
 }
- if (content == NULL) {
+ if (content == NULL || content_len == 0) {
 if (file->encoded_content != NULL)
 free(file->encoded_content);
 file->encoded_content = NULL;
diff --git a/src/pkcs15init/pkcs15-oberthur-awp.c b/src/pkcs15init/pkcs15-oberthur-awp.c
index 4972ea87..ab67b6c4 100644
--- a/src/pkcs15init/pkcs15-oberthur-awp.c
+++ b/src/pkcs15init/pkcs15-oberthur-awp.c
@@ -219,6 +219,8 @@ awp_update_blob(struct sc_context *ctx,
 *blob_size += 1 + lv->len;
 break;
 case TLV_TYPE_V :
+ if (0 == *blob_size + lv->len)
+ return SC_ERROR_INVALID_DATA;
 if (!(pp = realloc(*blob, *blob_size + lv->len)))
 return SC_ERROR_OUT_OF_MEMORY;
 memcpy(pp + *blob_size, lv->value, lv->len);
diff --git a/src/sm/sm-eac.c b/src/sm/sm-eac.c
index 11ad188c..105787f2 100644
--- a/src/sm/sm-eac.c
+++ b/src/sm/sm-eac.c
@@ -478,7 +478,7 @@ static int format_mse_cdata(struct sc_context *ctx, int protocol,
 r = SC_ERROR_INTERNAL;
 goto err;
 }
- if (length < 0) {
+ if (length <= 0) {
 r = SC_ERROR_INTERNAL;
 goto err;
 }
@@ -1321,6 +1321,10 @@ int perform_pace(sc_card_t *card,
 r = SC_ERROR_INTERNAL;
 goto err;
 }
+ if (comp_pub_opp->length == 0) {
+ r = SC_ERROR_INTERNAL;
+ goto err;
+ }
 p = realloc(pace_output->id_icc, comp_pub_opp->length);
 if (!p) {
 sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Not enough memory for ID ICC.\n");
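Review bot: The guard `if (0 == *blob_size + lv->len)` in the TLV_TYPE_V case of awp_update_blob (src/pkcs15init/pkcs15-oberthur-awp.c) only catches a sum of exactly zero. If `*blob_size + lv->len` can wrap (the operand types are not visible in the hunk), realloc receives an undersized request and the following `memcpy(pp + *blob_size, lv->value, lv->len)` writes past the allocation. Assuming both are size_t, checking the addition itself covers the wrap as well as the zero case: `if (lv->len > SIZE_MAX - *blob_size || *blob_size + lv->len == 0) return SC_ERROR_INVALID_DATA;`. The other cases of the switch are outside the hunk and may need the same check.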
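Review bot: The new zero-length branch in perform_pace (src/sm/sm-eac.c) fails with SC_ERROR_INTERNAL without logging anything, whereas the realloc failure directly below it reports "Not enough memory for ID ICC."; an empty `comp_pub_opp` would then be indistinguishable from the other internal errors in this function when reading a trace. A line such as `sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Empty ID ICC.\n");` before the `goto err` would make the cause visible. The matching `comp_pub->length == 0` check added for ID PCD in the following perform_pace hunk has the same gap.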
@@ -1333,6 +1337,10 @@ int perform_pace(sc_card_t *card, memcpy(pace_output->id_icc, comp_pub_opp->data, comp_pub_opp->length); sc_debug_hex(card->ctx, SC_LOG_DEBUG_SM, "ID ICC", pace_output->id_icc, pace_output->id_icc_length); + if (comp_pub->length == 0) { + r = SC_ERROR_INTERNAL; + goto err; + } p = realloc(pace_output->id_pcd, comp_pub->length); if (!p) { sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Not enough memory for ID PCD.\n"); @@ -1927,7 +1935,7 @@ eac_sm_encrypt(sc_card_t *card, const struct iso_sm_ctx *ctx, databuf = BUF_MEM_create_init(data, datalen); encbuf = EAC_encrypt(eacsmctx->ctx, databuf); - if (!databuf || !encbuf) { + if (!databuf || !encbuf || !encbuf->length) { sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not encrypt data."); ssl_error(card->ctx); r = SC_ERROR_INTERNAL; @@ -1969,7 +1977,7 @@ eac_sm_decrypt(sc_card_t *card, const struct iso_sm_ctx *ctx, encbuf = BUF_MEM_create_init(enc, enclen); databuf = EAC_decrypt(eacsmctx->ctx, encbuf); - if (!encbuf || !databuf) { + if (!encbuf || !databuf || !databuf->length) { sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not decrypt data."); ssl_error(card->ctx); r = SC_ERROR_INTERNAL; @@ -2016,7 +2024,7 @@ eac_sm_authenticate(sc_card_t *card, const struct iso_sm_ctx *ctx, } macbuf = EAC_authenticate(eacsmctx->ctx, inbuf); - if (!macbuf) { + if (!macbuf || !macbuf->length) { sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not compute message authentication code (MAC)."); ssl_error(card->ctx); @@ -2105,7 +2113,7 @@ add_tag(unsigned char **asn1new, int constructed, int tag, return -1; newlen = ASN1_object_size(constructed, len, tag); - if (newlen < 0) + if (newlen <= 0) return newlen; p = OPENSSL_realloc(*asn1new, newlen); diff --git a/src/sm/sm-iso.c b/src/sm/sm-iso.c index cfa25732..41b32a6b 100644 --- a/src/sm/sm-iso.c +++ b/src/sm/sm-iso.c 
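Review bot: In add_tag (src/sm/sm-eac.c) the changed line `if (newlen <= 0) return newlen;` returns 0 when ASN1_object_size yields zero, while the argument check just above it signals failure with `return -1`. A caller that only tests for a negative result would treat 0 as success even though `*asn1new` was never extended; how callers test the result is not visible in this hunk. `if (newlen <= 0) return -1;` keeps the error convention unambiguous.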
@@ -92,7 +92,12 @@ add_padding(const struct iso_sm_ctx *ctx, const u8 *data, size_t datalen,
 switch (ctx->padding_indicator) {
 case SM_NO_PADDING:
 if (*padded != data) {
- p = realloc(*padded, datalen);
+ if (datalen == 0) {
+ free(*padded);
+ p = malloc(datalen);
+ } else {
+ p = realloc(*padded, datalen);
+ }
 if (!p)
 return SC_ERROR_OUT_OF_MEMORY;
 *padded = p;
@@ -146,7 +151,7 @@ static int format_le(size_t le, struct sc_asn1_entry *le_entry,
 {
 u8 *p;
- if (!lebuf || !le_len)
+ if (!lebuf || !le_len || !*le_len)
 return SC_ERROR_INVALID_ARGUMENTS;
 p = realloc(*lebuf, *le_len);
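Review bot: In the SM_NO_PADDING case of add_padding (src/sm/sm-iso.c) the new `datalen == 0` branch frees `*padded` and then calls `malloc(datalen)`, and malloc(0) is allowed to return NULL. In that case the function returns SC_ERROR_OUT_OF_MEMORY with `*padded` still holding the freed pointer, which a caller's cleanup could free a second time. Clearing the pointer and requesting a non-zero size avoids both problems: `free(*padded); *padded = NULL; p = malloc(1);`. The rest of add_padding, and how callers release `*padded`, are outside the hunk.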