iasecc: coverity scan warning OVERRUN-STATIC
CID 402562: Out-of-bounds read (OVERRUN_STATIC)
This commit is contained in:
Viktor Tarasov
parent
12dcf13236
commit
aa46a210fc
|
|
@ -1,9 +1,9 @@
|
||||||
/*
|
/*
|
||||||
* iasecc-sdo.c: library to manipulate the Security Data Objects (SDO)
|
* iasecc-sdo.c: library to manipulate the Security Data Objects (SDO)
|
||||||
* used by IAS/ECC card support.
|
* used by IAS/ECC card support.
|
||||||
*
|
*
|
||||||
* Copyright (C) 2010 Viktor Tarasov <vtarasov@opentrust.com>
|
* Copyright (C) 2010 Viktor Tarasov <vtarasov@opentrust.com>
|
||||||
* OpenTrust <www.opentrust.com>
|
* OpenTrust <www.opentrust.com>
|
||||||
*
|
*
|
||||||
* This library is free software; you can redistribute it and/or
|
* This library is free software; you can redistribute it and/or
|
||||||
* modify it under the terms of the GNU Lesser General Public
|
* modify it under the terms of the GNU Lesser General Public
|
||||||
|
|
@ -194,6 +194,7 @@ iasecc_sdo_free_fields(struct sc_card *card, struct iasecc_sdo *sdo)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void
|
void
|
||||||
iasecc_sdo_free(struct sc_card *card, struct iasecc_sdo *sdo)
|
iasecc_sdo_free(struct sc_card *card, struct iasecc_sdo *sdo)
|
||||||
{
|
{
|
||||||
|
|
@ -238,11 +239,11 @@ iasecc_crt_parse(struct sc_card *card, unsigned char *data, struct iasecc_se_inf
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
for (ii=0; ii<IASECC_SE_CRTS_MAX; ii++)
|
for (ii=0; ii<SC_MAX_CRTS_IN_SE; ii++)
|
||||||
if (!se->crts[ii].tag)
|
if (!se->crts[ii].tag)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
if (ii==IASECC_SE_CRTS_MAX)
|
if (ii==SC_MAX_CRTS_IN_SE)
|
||||||
LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "iasecc_crt_parse() error: too much CRTs in SE");
|
LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "iasecc_crt_parse() error: too much CRTs in SE");
|
||||||
|
|
||||||
memcpy(&se->crts[ii], &crt, sizeof(crt));
|
memcpy(&se->crts[ii], &crt, sizeof(crt));
|
||||||
|
|
@ -263,7 +264,7 @@ iasecc_se_get_crt(struct sc_card *card, struct iasecc_se_info *se, struct sc_crt
|
||||||
sc_log(ctx, "CRT search template: %X:%X:%X, refs %X:%X:...",
|
sc_log(ctx, "CRT search template: %X:%X:%X, refs %X:%X:...",
|
||||||
crt->tag, crt->algo, crt->usage, crt->refs[0], crt->refs[1]);
|
crt->tag, crt->algo, crt->usage, crt->refs[0], crt->refs[1]);
|
||||||
|
|
||||||
for (ii=0; ii<IASECC_SE_CRTS_MAX && se->crts[ii].tag; ii++) {
|
for (ii=0; ii<SC_MAX_CRTS_IN_SE && se->crts[ii].tag; ii++) {
|
||||||
if (crt->tag != se->crts[ii].tag)
|
if (crt->tag != se->crts[ii].tag)
|
||||||
continue;
|
continue;
|
||||||
if (crt->algo && crt->algo != se->crts[ii].algo)
|
if (crt->algo && crt->algo != se->crts[ii].algo)
|
||||||
|
|
@ -297,7 +298,7 @@ iasecc_se_get_crt_by_usage(struct sc_card *card, struct iasecc_se_info *se, unsi
|
||||||
LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS);
|
LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS);
|
||||||
sc_log(ctx, "CRT search template with TAG:0x%X and UQB:0x%X", tag, usage);
|
sc_log(ctx, "CRT search template with TAG:0x%X and UQB:0x%X", tag, usage);
|
||||||
|
|
||||||
for (ii=0; ii<IASECC_SE_CRTS_MAX && se->crts[ii].tag; ii++) {
|
for (ii=0; ii<SC_MAX_CRTS_IN_SE && se->crts[ii].tag; ii++) {
|
||||||
if (tag != se->crts[ii].tag)
|
if (tag != se->crts[ii].tag)
|
||||||
continue;
|
continue;
|
||||||
if (usage != se->crts[ii].usage)
|
if (usage != se->crts[ii].usage)
|
||||||
|
|
@ -955,7 +956,7 @@ iasecc_sdo_encode_create(struct sc_context *ctx, struct iasecc_sdo *sdo, unsigne
|
||||||
};
|
};
|
||||||
struct sc_asn1_entry c_asn1_create_data[2] = {
|
struct sc_asn1_entry c_asn1_create_data[2] = {
|
||||||
{ "createData", SC_ASN1_STRUCT, SC_ASN1_TAG_SEQUENCE | SC_ASN1_APP | SC_ASN1_CONS, 0, NULL, NULL },
|
{ "createData", SC_ASN1_STRUCT, SC_ASN1_TAG_SEQUENCE | SC_ASN1_APP | SC_ASN1_CONS, 0, NULL, NULL },
|
||||||
{ NULL, 0, 0, 0, NULL, NULL }
|
{ NULL, 0, 0, 0, NULL, NULL }
|
||||||
};
|
};
|
||||||
struct sc_asn1_entry asn1_docp_data[2], asn1_create_data[2];
|
struct sc_asn1_entry asn1_docp_data[2], asn1_create_data[2];
|
||||||
unsigned char *blob = NULL;
|
unsigned char *blob = NULL;
|
||||||
|
|
@ -1000,19 +1001,19 @@ iasecc_sdo_encode_update_field(struct sc_context *ctx, unsigned char sdo_class,
|
||||||
|
|
||||||
struct sc_asn1_entry c_asn1_field_value[2] = {
|
struct sc_asn1_entry c_asn1_field_value[2] = {
|
||||||
{ "fieldValue", SC_ASN1_OCTET_STRING, 0, SC_ASN1_ALLOC, NULL, NULL },
|
{ "fieldValue", SC_ASN1_OCTET_STRING, 0, SC_ASN1_ALLOC, NULL, NULL },
|
||||||
{ NULL, 0, 0, 0, NULL, NULL }
|
{ NULL, 0, 0, 0, NULL, NULL }
|
||||||
};
|
};
|
||||||
struct sc_asn1_entry c_asn1_sdo_field[2] = {
|
struct sc_asn1_entry c_asn1_sdo_field[2] = {
|
||||||
{ "sdoField", SC_ASN1_STRUCT, 0, 0, NULL, NULL },
|
{ "sdoField", SC_ASN1_STRUCT, 0, 0, NULL, NULL },
|
||||||
{ NULL, 0, 0, 0, NULL, NULL }
|
{ NULL, 0, 0, 0, NULL, NULL }
|
||||||
};
|
};
|
||||||
struct sc_asn1_entry c_asn1_class_data[2] = {
|
struct sc_asn1_entry c_asn1_class_data[2] = {
|
||||||
{ "classData", SC_ASN1_STRUCT, 0, 0, NULL, NULL },
|
{ "classData", SC_ASN1_STRUCT, 0, 0, NULL, NULL },
|
||||||
{ NULL, 0, 0, 0, NULL, NULL }
|
{ NULL, 0, 0, 0, NULL, NULL }
|
||||||
};
|
};
|
||||||
struct sc_asn1_entry c_asn1_update_data[2] = {
|
struct sc_asn1_entry c_asn1_update_data[2] = {
|
||||||
{ "updateData", SC_ASN1_STRUCT, SC_ASN1_TAG_SEQUENCE | SC_ASN1_APP | SC_ASN1_CONS, 0, NULL, NULL },
|
{ "updateData", SC_ASN1_STRUCT, SC_ASN1_TAG_SEQUENCE | SC_ASN1_APP | SC_ASN1_CONS, 0, NULL, NULL },
|
||||||
{ NULL, 0, 0, 0, NULL, NULL }
|
{ NULL, 0, 0, 0, NULL, NULL }
|
||||||
};
|
};
|
||||||
struct sc_asn1_entry asn1_field_value[4], asn1_sdo_field[2], asn1_class_data[2], asn1_update_data[2];
|
struct sc_asn1_entry asn1_field_value[4], asn1_sdo_field[2], asn1_class_data[2], asn1_update_data[2];
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -154,7 +154,7 @@
|
||||||
|
|
||||||
#define IASECC_SDO_TAGS_UPDATE_MAX 16
|
#define IASECC_SDO_TAGS_UPDATE_MAX 16
|
||||||
|
|
||||||
#define IASECC_SE_CRTS_MAX 24
|
//#define IASECC_SE_CRTS_MAX 24
|
||||||
|
|
||||||
#define _MAKE_IASECC_SDO_MAGIC(a, b, c, d) (((a) << 24) | ((b) << 16) | ((c) << 8) | ((d)))
|
#define _MAKE_IASECC_SDO_MAGIC(a, b, c, d) (((a) << 24) | ((b) << 16) | ((c) << 8) | ((d)))
|
||||||
|
|
||||||
|
|
@ -163,7 +163,7 @@
|
||||||
#define IASECC_SDO_MAGIC_UPDATE_RSA _MAKE_IASECC_SDO_MAGIC('E', 'C', 'U', 'R')
|
#define IASECC_SDO_MAGIC_UPDATE_RSA _MAKE_IASECC_SDO_MAGIC('E', 'C', 'U', 'R')
|
||||||
|
|
||||||
#define IASECC_MAX_SCBS 7
|
#define IASECC_MAX_SCBS 7
|
||||||
#define IASECC_MAX_CRTS_IN_SE 24
|
//#define IASECC_MAX_CRTS_IN_SE 24
|
||||||
|
|
||||||
struct iasecc_extended_tlv {
|
struct iasecc_extended_tlv {
|
||||||
unsigned tag;
|
unsigned tag;
|
||||||
|
|
|
||||||
|
|
@ -147,7 +147,7 @@ static int list_sdos(char *sdo_tag)
|
||||||
if (!rv) {
|
if (!rv) {
|
||||||
printf("Found SE #%X\n", se.reference);
|
printf("Found SE #%X\n", se.reference);
|
||||||
_iasecc_print_docp(&se.docp);
|
_iasecc_print_docp(&se.docp);
|
||||||
for(jj=0; jj<IASECC_SE_CRTS_MAX && se.crts[jj].tag; jj++)
|
for(jj=0; jj<SC_MAX_CRTS_IN_SE && se.crts[jj].tag; jj++)
|
||||||
_iasecc_print_crt(&se.crts[jj]);
|
_iasecc_print_crt(&se.crts[jj]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue