giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

iasecc: coverity scan warning OVERRUN-STATIC 

CID 402562: Out-of-bounds read (OVERRUN_STATIC)
This commit is contained in:
Viktor Tarasov 2012-06-11 20:59:45 +02:00
parent 12dcf13236
commit aa46a210fc
3 changed files with 57 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/libopensc/iasecc-sdo.c
View File

@ -194,6 +194,7 @@ iasecc_sdo_free_fields(struct sc_card *card, struct iasecc_sdo *sdo)
} }
} }
void void
iasecc_sdo_free(struct sc_card *card, struct iasecc_sdo *sdo) iasecc_sdo_free(struct sc_card *card, struct iasecc_sdo *sdo)
{ {
@ -238,11 +239,11 @@ iasecc_crt_parse(struct sc_card *card, unsigned char *data, struct iasecc_se_inf
} }
} }
for (ii=0; ii<IASECC_SE_CRTS_MAX; ii++) for (ii=0; ii<SC_MAX_CRTS_IN_SE; ii++)
if (!se->crts[ii].tag) if (!se->crts[ii].tag)
break; break;
if (ii==IASECC_SE_CRTS_MAX) if (ii==SC_MAX_CRTS_IN_SE)
LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "iasecc_crt_parse() error: too much CRTs in SE"); LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "iasecc_crt_parse() error: too much CRTs in SE");
memcpy(&se->crts[ii], &crt, sizeof(crt)); memcpy(&se->crts[ii], &crt, sizeof(crt));
@ -263,7 +264,7 @@ iasecc_se_get_crt(struct sc_card *card, struct iasecc_se_info *se, struct sc_crt
sc_log(ctx, "CRT search template: %X:%X:%X, refs %X:%X:...", sc_log(ctx, "CRT search template: %X:%X:%X, refs %X:%X:...",
crt->tag, crt->algo, crt->usage, crt->refs[0], crt->refs[1]); crt->tag, crt->algo, crt->usage, crt->refs[0], crt->refs[1]);
for (ii=0; ii<IASECC_SE_CRTS_MAX && se->crts[ii].tag; ii++) { for (ii=0; ii<SC_MAX_CRTS_IN_SE && se->crts[ii].tag; ii++) {
if (crt->tag != se->crts[ii].tag) if (crt->tag != se->crts[ii].tag)
continue; continue;
if (crt->algo && crt->algo != se->crts[ii].algo) if (crt->algo && crt->algo != se->crts[ii].algo)
@ -297,7 +298,7 @@ iasecc_se_get_crt_by_usage(struct sc_card *card, struct iasecc_se_info *se, unsi
LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS); LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS);
sc_log(ctx, "CRT search template with TAG:0x%X and UQB:0x%X", tag, usage); sc_log(ctx, "CRT search template with TAG:0x%X and UQB:0x%X", tag, usage);
for (ii=0; ii<IASECC_SE_CRTS_MAX && se->crts[ii].tag; ii++) { for (ii=0; ii<SC_MAX_CRTS_IN_SE && se->crts[ii].tag; ii++) {
if (tag != se->crts[ii].tag) if (tag != se->crts[ii].tag)
continue; continue;
if (usage != se->crts[ii].usage) if (usage != se->crts[ii].usage)

4
src/libopensc/iasecc-sdo.h
View File

@ -154,7 +154,7 @@
#define IASECC_SDO_TAGS_UPDATE_MAX 16 #define IASECC_SDO_TAGS_UPDATE_MAX 16
#define IASECC_SE_CRTS_MAX 24 //#define IASECC_SE_CRTS_MAX 24
#define _MAKE_IASECC_SDO_MAGIC(a, b, c, d) (((a) << 24) | ((b) << 16) | ((c) << 8) | ((d))) #define _MAKE_IASECC_SDO_MAGIC(a, b, c, d) (((a) << 24) | ((b) << 16) | ((c) << 8) | ((d)))
@ -163,7 +163,7 @@
#define IASECC_SDO_MAGIC_UPDATE_RSA _MAKE_IASECC_SDO_MAGIC('E', 'C', 'U', 'R') #define IASECC_SDO_MAGIC_UPDATE_RSA _MAKE_IASECC_SDO_MAGIC('E', 'C', 'U', 'R')
#define IASECC_MAX_SCBS 7 #define IASECC_MAX_SCBS 7
#define IASECC_MAX_CRTS_IN_SE 24 //#define IASECC_MAX_CRTS_IN_SE 24
struct iasecc_extended_tlv { struct iasecc_extended_tlv {
unsigned tag; unsigned tag;

2
src/tools/iasecc-tool.c
View File

@ -147,7 +147,7 @@ static int list_sdos(char *sdo_tag)
if (!rv) { if (!rv) {
printf("Found SE #%X\n", se.reference); printf("Found SE #%X\n", se.reference);
_iasecc_print_docp(&se.docp); _iasecc_print_docp(&se.docp);
for(jj=0; jj<IASECC_SE_CRTS_MAX && se.crts[jj].tag; jj++) for(jj=0; jj<SC_MAX_CRTS_IN_SE && se.crts[jj].tag; jj++)
_iasecc_print_crt(&se.crts[jj]); _iasecc_print_crt(&se.crts[jj]);
} }
} }