From aed95b2f2ba24bda09c0fe25609dd498e66a2e25 Mon Sep 17 00:00:00 2001 From: Frank Morgner Date: Tue, 22 Jan 2019 12:24:53 +0100 Subject: [PATCH] pkcs11: check inputs prevents NULL pointer dereference --- src/pkcs11/framework-pkcs15.c | 110 +++++++++++++++++++++++++----- src/pkcs11/framework-pkcs15init.c | 14 +++- src/pkcs11/mechanism.c | 2 +- src/pkcs11/misc.c | 2 +- src/pkcs11/pkcs11-object.c | 6 +- src/pkcs11/pkcs11-session.c | 21 ++++-- src/pkcs11/slot.c | 4 +- 7 files changed, 130 insertions(+), 29 deletions(-) diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c index 10582ed3..eeb6861a 100644 --- a/src/pkcs11/framework-pkcs15.c +++ b/src/pkcs11/framework-pkcs15.c @@ -269,7 +269,9 @@ get_fw_data(struct sc_pkcs11_card *p11card, struct sc_app_info *app_info, int *o struct pkcs15_fw_data *out = NULL; int idx; - for (idx=0; idx < SC_PKCS11_FRAMEWORK_DATA_MAX_NUM; idx++) { + if (!p11card) + return NULL; + for (idx=0; p11card && idx < SC_PKCS11_FRAMEWORK_DATA_MAX_NUM; idx++) { struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) p11card->fws_data[idx]; struct sc_file *file_app = NULL; @@ -307,6 +309,8 @@ pkcs15_bind(struct sc_pkcs11_card *p11card, struct sc_app_info *app_info) CK_RV ck_rv; sc_log(context, "Bind PKCS#15 '%s' application", app_info ? app_info->label : ""); + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; for (idx=0; idxfws_data[idx]) break; @@ -351,7 +355,9 @@ pkcs15_unbind(struct sc_pkcs11_card *p11card) unsigned int i, idx; int rv = SC_SUCCESS; - for (idx=0; idxfws_data[idx]; if (!fw_data) 
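Review bot: In get_fw_data the `p11card &&` added to the loop condition is redundant, because the new `if (!p11card) return NULL;` directly above it already returns for a NULL card. Keeping the original header, `for (idx=0; idx < SC_PKCS11_FRAMEWORK_DATA_MAX_NUM; idx++) {`, leaves a single guard to maintain. The early return also leaves the `int *` out-parameter from the signature unwritten. The rest of the body is outside the hunk, so it is worth confirming that callers read the index only after checking the returned pointer for NULL.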
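Review bot: The new guard in pkcs15_bind returns `CKR_TOKEN_NOT_RECOGNIZED` without saying when `p11card` can be NULL, and the identical guards added throughout framework-pkcs15.c and framework-pkcs15init.c use the same value. If a NULL card means the token is no longer in the slot (an inference; the commit message only mentions NULL dereferences), `CKR_TOKEN_NOT_PRESENT` or `CKR_DEVICE_REMOVED` would tell the calling application more precisely what happened. Either way, a one-line comment at the guard naming the situation in which the card pointer is NULL would record what is being defended against.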
@@ -1015,21 +1021,25 @@ pkcs15_add_object(struct sc_pkcs11_slot *slot, struct pkcs15_any_object *obj, case SC_PKCS15_TYPE_PRKEY_RSA: case SC_PKCS15_TYPE_PRKEY_GOSTR3410: case SC_PKCS15_TYPE_PRKEY_EC: - pkcs15_add_object(slot, (struct pkcs15_any_object *) obj->related_pubkey, NULL); - card_fw_data = (struct pkcs15_fw_data *) slot->p11card->fws_data[slot->fw_data_idx]; - for (i = 0; i < card_fw_data->num_objects; i++) { - struct pkcs15_any_object *obj2 = card_fw_data->objects[i]; - struct pkcs15_cert_object *cert; + if (slot->p11card != NULL) { + pkcs15_add_object(slot, (struct pkcs15_any_object *) obj->related_pubkey, NULL); + if (!slot->p11card) + return; + card_fw_data = (struct pkcs15_fw_data *) slot->p11card->fws_data[slot->fw_data_idx]; + for (i = 0; i < card_fw_data->num_objects; i++) { + struct pkcs15_any_object *obj2 = card_fw_data->objects[i]; + struct pkcs15_cert_object *cert; - if (!is_cert(obj2)) - continue; + if (!is_cert(obj2)) + continue; - cert = (struct pkcs15_cert_object*) obj2; + cert = (struct pkcs15_cert_object*) obj2; - if ((struct pkcs15_any_object*)(cert->cert_prvkey) != obj) - continue; + if ((struct pkcs15_any_object*)(cert->cert_prvkey) != obj) + continue; - pkcs15_add_object(slot, obj2, NULL); + pkcs15_add_object(slot, obj2, NULL); + } } break; case SC_PKCS15_TYPE_CERT_X509: @@ -1246,6 +1256,10 @@ int slot_get_logged_in_state(struct sc_pkcs11_slot *slot) struct sc_pkcs15_object *pin_obj = NULL; struct sc_pkcs15_auth_info *pin_info; + if (slot->p11card == NULL) { + goto out; + } + fw_data = (struct pkcs15_fw_data *) slot->p11card->fws_data[slot->fw_data_idx]; if (!fw_data) goto out; 
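Review bot: In the private-key case of pkcs15_add_object, `card_fw_data` is still dereferenced in the loop header (`card_fw_data->num_objects`) without a NULL test, although the other functions touched by this commit test the same `fws_data[slot->fw_data_idx]` lookup before use. Adding `if (!card_fw_data) return;` right after the assignment would close that path. The second `if (!slot->p11card) return;` immediately after the recursive call looks like a defence against the callee changing the slot; if that is the intent, a short comment saying so would keep it from being removed as dead code. The function begins and ends outside the hunk.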
@@ -1432,7 +1446,9 @@ pkcs15_create_tokens(struct sc_pkcs11_card *p11card, struct sc_app_info *app_inf CK_RV rv; int rc, i, idx; - sc_log(context, "create PKCS#15 tokens; fws:%p,%p,%p", p11card->fws_data[0], p11card->fws_data[1], p11card->fws_data[2]); + if (p11card) { + sc_log(context, "create PKCS#15 tokens; fws:%p,%p,%p", p11card->fws_data[0], p11card->fws_data[1], p11card->fws_data[2]); + } sc_log(context, "create slots flags 0x%X", cs_flags); /* Find out framework data corresponding to the given application */ @@ -1549,13 +1565,18 @@ static CK_RV pkcs15_login(struct sc_pkcs11_slot *slot, CK_USER_TYPE userType, CK_CHAR_PTR pPin, CK_ULONG ulPinLen) { - struct sc_pkcs11_card *p11card = slot->p11card; + struct sc_pkcs11_card *p11card; struct pkcs15_fw_data *fw_data = NULL; struct sc_pkcs15_card *p15card = NULL; struct sc_pkcs15_object *auth_object = NULL; struct sc_pkcs15_auth_info *pin_info = NULL; int rc; + if (slot->p11card == NULL) { + return CKR_TOKEN_NOT_RECOGNIZED; + } + p11card = slot->p11card; + fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_Login"); @@ -1627,6 +1648,8 @@ pkcs15_login(struct sc_pkcs11_slot *slot, CK_USER_TYPE userType, if (pin_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN) return CKR_FUNCTION_REJECTED; + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; if (p11card->card->reader->capabilities & SC_READER_CAP_PIN_PAD || (p15card->card->caps & SC_CARD_CAP_PROTECTED_AUTHENTICATION_PATH)) { /* pPin should be NULL in case of a pin pad reader, but @@ -1734,6 +1757,8 @@ pkcs15_logout(struct sc_pkcs11_slot *slot) CK_RV ret = CKR_OK; int rc; + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_Logout"); 
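Review bot: In pkcs15_create_tokens the new `if (p11card)` protects only the debug log, and the function then carries on with a possibly NULL `p11card`. Unless every later use is covered by the NULL return now added to get_fw_data (the body continues outside the hunk), an early `if (!p11card) return CKR_TOKEN_NOT_RECOGNIZED;` before the log would match the other entry points in this file. That assumes the function returns CK_RV like its neighbours. It would also make the braces around the sc_log call unnecessary.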
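Review bot: The `if (!p11card) return CKR_TOKEN_NOT_RECOGNIZED;` added before the pin-pad test in pkcs15_login cannot trigger, since the function already returns on `slot->p11card == NULL` at its top and has dereferenced `p11card->fws_data` by this point. What the next line actually depends on is `p11card->card` and `p11card->card->reader`, which are dereferenced unchecked. If either can be unset, the guard should test them, `if (!p11card->card || !p11card->card->reader) return CKR_TOKEN_NOT_RECOGNIZED;`; otherwise the added check can be dropped. Whether `card` or `reader` can be NULL here is not visible in the hunk.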
@@ -1777,6 +1802,8 @@ pkcs15_change_pin(struct sc_pkcs11_slot *slot, int login_user = slot->login_user; int rc; + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_SetPin"); @@ -1854,6 +1881,8 @@ pkcs15_initialize(struct sc_pkcs11_slot *slot, void *ptr, CK_RV rv; sc_log(context, "Get 'enable-InitToken' card configuration option"); + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; conf_block = sc_get_conf_block(p11card->card->ctx, "framework", "pkcs15", 1); enable_InitToken = scconf_get_bool(conf_block, "pkcs11_enable_InitToken", 0); @@ -1985,6 +2014,8 @@ pkcs15_init_pin(struct sc_pkcs11_slot *slot, CK_CHAR_PTR pPin, CK_ULONG ulPinLen p11args.pin = pPin; p11args.pin_len = ulPinLen; + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; rc = sc_card_ctl(p11card->card, SC_CARDCTL_PKCS11_INIT_PIN, &p11args); if (rc != SC_ERROR_NOT_SUPPORTED) { if (rc == SC_SUCCESS) @@ -2087,6 +2118,8 @@ pkcs15_create_private_key(struct sc_pkcs11_slot *slot, struct sc_profile *profil char label[SC_PKCS15_MAX_LABEL_SIZE]; memset(&args, 0, sizeof(args)); + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject"); @@ -2254,6 +2287,8 @@ pkcs15_create_secret_key(struct sc_pkcs11_slot *slot, struct sc_profile *profile CK_BBOOL temp_object = FALSE; memset(&args, 0, sizeof(args)); + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject"); 
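Review bot: pkcs15_change_pin and the other slot-based functions in this file now test `p11card`, but they still index `p11card->fws_data[slot->fw_data_idx]` with an index that none of these hunks validates. The loop in get_fw_data bounds that array by `SC_PKCS11_FRAMEWORK_DATA_MAX_NUM`; where `fw_data_idx` is assigned is not visible here, so it is worth confirming it can never fall outside that range. The guard and the lookup are now repeated as the same few lines in more than twenty functions. A single static helper that takes the slot and returns the framework data or NULL would keep the NULL test and the range test in one place and make an omitted check easier to spot.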
@@ -2426,6 +2461,8 @@ pkcs15_create_public_key(struct sc_pkcs11_slot *slot, struct sc_profile *profile char label[SC_PKCS15_MAX_LABEL_SIZE]; memset(&args, 0, sizeof(args)); + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject"); @@ -2532,6 +2569,8 @@ pkcs15_create_certificate(struct sc_pkcs11_slot *slot, char label[SC_PKCS15_MAX_LABEL_SIZE]; memset(&args, 0, sizeof(args)); + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject"); @@ -2616,6 +2655,8 @@ pkcs15_create_data(struct sc_pkcs11_slot *slot, struct sc_profile *profile, memset(&args, 0, sizeof(args)); sc_init_oid(&args.app_oid); + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject"); @@ -2694,6 +2735,8 @@ pkcs15_create_object(struct sc_pkcs11_slot *slot, CK_ATTRIBUTE_PTR pTemplate, CK int rc; CK_BBOOL p15init_create_object; + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject"); @@ -2960,6 +3003,8 @@ pkcs15_gen_keypair(struct sc_pkcs11_slot *slot, CK_MECHANISM_PTR pMechanism, && pMechanism->mechanism != CKM_EC_KEY_PAIR_GEN) return CKR_MECHANISM_INVALID; + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GenerateKeyPair"); 
@@ -3133,6 +3178,8 @@ pkcs15_skey_destroy(struct sc_pkcs11_session *session, void *object) struct pkcs15_fw_data *fw_data = NULL; int rv; + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GenerateKeyPair"); @@ -3171,6 +3218,8 @@ pkcs15_any_destroy(struct sc_pkcs11_session *session, void *object) struct sc_profile *profile = NULL; int rv; + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_DestroyObject"); @@ -3250,6 +3299,8 @@ pkcs15_get_random(struct sc_pkcs11_slot *slot, CK_BYTE_PTR p, CK_ULONG len) struct pkcs15_fw_data *fw_data = NULL; int rc; + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GenerateRandom"); @@ -3298,6 +3349,8 @@ pkcs15_set_attrib(struct sc_pkcs11_session *session, struct sc_pkcs15_object *p1 int rv = 0; CK_RV ck_rv = CKR_OK; + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_SetAttributeValue"); @@ -3397,6 +3450,8 @@ pkcs15_cert_get_attribute(struct sc_pkcs11_session *session, void *object, CK_AT sc_log(context, "pkcs15_cert_get_attribute() called"); p11card = session->slot->p11card; + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GetAttributeValue"); 
@@ -3499,6 +3554,8 @@ pkcs15_cert_cmp_attribute(struct sc_pkcs11_session *session, size_t len, _len; sc_log(context, "pkcs15_cert_cmp_attribute() called"); + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; if (!fw_data) { sc_log(context, "pkcs15_cert_cmp_attribute() returns SC_ERROR_INTERNAL"); @@ -3599,6 +3656,8 @@ pkcs15_prkey_get_attribute(struct sc_pkcs11_session *session, sc_log(context, "pkcs15_prkey_get_attribute() called"); p11card = session->slot->p11card; + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GetAttributeValue"); @@ -3840,6 +3899,8 @@ pkcs15_prkey_sign(struct sc_pkcs11_session *session, void *obj, sc_log(context, "Initiating signing operation, mechanism 0x%lx.", pMechanism->mechanism); + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_Sign"); @@ -4010,6 +4071,8 @@ pkcs15_prkey_unwrap(struct sc_pkcs11_session *session, void *obj, sc_log(context, "Initiating unwrapping with private key."); + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_UnwrapKey"); @@ -4071,6 +4134,8 @@ pkcs15_prkey_decrypt(struct sc_pkcs11_session *session, void *obj, sc_log(context, "Initiating decryption."); + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_Decrypt"); 
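Review bot: pkcs15_cert_cmp_attribute now returns `CKR_TOKEN_NOT_RECOGNIZED` when the card is missing, which is a nonzero value coming out of a comparison callback. The return type and the rest of the body are outside the hunk, but if this function reports match or no-match as 1 or 0, a caller would read the error code as a match. Returning the no-match value instead, `if (!p11card) return 0;`, would keep an object search from matching certificates on a slot that has no card.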
@@ -4144,6 +4209,8 @@ pkcs15_prkey_derive(struct sc_pkcs11_session *session, void *obj, sc_log(context, "Initiating derivation"); + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_DeriveKey"); @@ -4219,6 +4286,8 @@ pkcs15_prkey_can_do(struct sc_pkcs11_session *session, void *obj, if (!pkinfo->algo_refs[0]) return CKR_FUNCTION_NOT_SUPPORTED; + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; token_algos = &fw_data->p15_card->tokeninfo->supported_algos[0]; @@ -4373,6 +4442,8 @@ pkcs15_pubkey_get_attribute(struct sc_pkcs11_session *session, void *object, CK_ p11card = session->slot->p11card; cert = pubkey->pub_genfrom; + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GetAttributeValue"); @@ -4600,9 +4671,12 @@ pkcs15_dobj_get_value(struct sc_pkcs11_session *session, { struct sc_pkcs11_card *p11card = session->slot->p11card; struct pkcs15_fw_data *fw_data = NULL; - struct sc_card *card = session->slot->p11card->card; + struct sc_card *card; int rv; + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; + card = session->slot->p11card->card; if (!out_data) return SC_ERROR_INVALID_ARGUMENTS; if (dobj->info->data.len == 0) @@ -4883,6 +4957,8 @@ pkcs15_skey_unwrap(struct sc_pkcs11_session *session, void *obj, sc_log(context, "Initiating unwrapping with a secret key."); + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_UnwrapKey"); 
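Review bot: In pkcs15_prkey_can_do the result of the `fws_data` lookup is dereferenced on the very next line (`&fw_data->p15_card->tokeninfo->supported_algos[0]`) with no NULL test, so the new `p11card` guard leaves an adjacent NULL dereference in place. The other functions in this patch follow the lookup with an `if (!fw_data) return ...;` test, and the same is needed here, for example `if (!fw_data) return CKR_TOKEN_NOT_RECOGNIZED;` before `token_algos` is computed. `p15_card` and `tokeninfo` are dereferenced unchecked as well; whether they can be NULL is not visible in this hunk.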
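Review bot: pkcs15_dobj_get_value returns `CKR_TOKEN_NOT_RECOGNIZED` from the new guard but `SC_ERROR_INVALID_ARGUMENTS` two lines later, so the function now mixes Cryptoki return codes with libopensc error codes. The signature is outside the hunk, but with `int rv` and the SC_ERROR return visible, callers presumably treat the result as an SC_ERROR value, in which case the CKR constant would not be recognised as the failure it is. `if (!p11card) return SC_ERROR_INVALID_ARGUMENTS;` keeps a single error domain. The assignment that follows can then read `card = p11card->card;` instead of repeating `session->slot->p11card->card`.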
@@ -4961,6 +5037,8 @@ pkcs15_skey_wrap(struct sc_pkcs11_session *session, void *obj, } p11card = session->slot->p11card; + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; if (!fw_data) diff --git a/src/pkcs11/framework-pkcs15init.c b/src/pkcs11/framework-pkcs15init.c index 2f352c25..1883e6b9 100644 --- a/src/pkcs11/framework-pkcs15init.c +++ b/src/pkcs11/framework-pkcs15init.c @@ -32,10 +32,13 @@ */ static CK_RV pkcs15init_bind(struct sc_pkcs11_card *p11card, struct sc_app_info *app_info) { - struct sc_card *card = p11card->card; + struct sc_card *card; struct sc_profile *profile; int rc; + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; + card = p11card->card; rc = sc_pkcs15init_bind(card, "pkcs15", NULL, NULL, &profile); if (rc == 0) p11card->fws_data[0] = profile; @@ -46,6 +49,8 @@ static CK_RV pkcs15init_unbind(struct sc_pkcs11_card *p11card) { struct sc_profile *profile; + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; profile = (struct sc_profile *) p11card->fws_data[0]; sc_pkcs15init_unbind(profile); return CKR_OK; @@ -59,6 +64,8 @@ pkcs15init_create_tokens(struct sc_pkcs11_card *p11card, struct sc_app_info *app struct sc_pkcs11_slot *slot; CK_RV rc; + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; profile = (struct sc_profile *) p11card->fws_data[0]; rc = slot_allocate(&slot, p11card); @@ -127,12 +134,15 @@ pkcs15init_initialize(struct sc_pkcs11_slot *pslot, void *ptr, CK_UTF8CHAR_PTR pLabel) { struct sc_pkcs11_card *p11card = pslot->p11card; - struct sc_profile *profile = (struct sc_profile *) p11card->fws_data[0]; + struct sc_profile *profile; struct sc_pkcs15init_initargs args; struct sc_pkcs11_slot *slot; CK_RV rv; int rc, id; + if (!p11card) + return CKR_TOKEN_NOT_RECOGNIZED; + profile = (struct sc_profile *) p11card->fws_data[0]; memset(&args, 0, sizeof(args)); args.so_pin = pPin; args.so_pin_len = ulPinLen; 
diff --git a/src/pkcs11/mechanism.c b/src/pkcs11/mechanism.c index 7bcab8e3..cea5d4b9 100644 --- a/src/pkcs11/mechanism.c +++ b/src/pkcs11/mechanism.c @@ -1211,7 +1211,7 @@ sc_pkcs11_register_sign_and_hash_mechanism(struct sc_pkcs11_card *p11card, info = calloc(1, sizeof(*info)); if (!info) - LOG_FUNC_RETURN(p11card->card->ctx, SC_ERROR_OUT_OF_MEMORY); + return CKR_HOST_MEMORY; info->mech = mech; info->sign_type = sign_type; diff --git a/src/pkcs11/misc.c b/src/pkcs11/misc.c index b9bef60d..9408080b 100644 --- a/src/pkcs11/misc.c +++ b/src/pkcs11/misc.c @@ -140,7 +140,7 @@ CK_RV restore_login_state(struct sc_pkcs11_slot *slot) if (sc_pkcs11_conf.atomic && slot) { if (list_iterator_start(&slot->logins)) { struct sc_pkcs11_login *login = list_iterator_next(&slot->logins); - while (login) { + while (login && slot->p11card && slot->p11card->framework) { r = slot->p11card->framework->login(slot, login->userType, login->pPin, login->ulPinLen); if (r != CKR_OK) diff --git a/src/pkcs11/pkcs11-object.c b/src/pkcs11/pkcs11-object.c index ad336bf8..190e2866 100644 --- a/src/pkcs11/pkcs11-object.c +++ b/src/pkcs11/pkcs11-object.c @@ -1015,7 +1015,8 @@ CK_RV C_GenerateKeyPair(CK_SESSION_HANDLE hSession, /* the session's handle */ } slot = session->slot; - if (slot->p11card->framework->gen_keypair == NULL) + if (slot == NULL || slot->p11card == NULL || slot->p11card->framework == NULL + || slot->p11card->framework->gen_keypair == NULL) rv = CKR_FUNCTION_NOT_SUPPORTED; else { rv = restore_login_state(slot); @@ -1283,7 +1284,8 @@ CK_RV C_GenerateRandom(CK_SESSION_HANDLE hSession, /* the session's handle */ rv = get_session(hSession, &session); if (rv == CKR_OK) { slot = session->slot; - if (slot->p11card->framework->get_random == NULL) + if (slot == NULL || slot->p11card == NULL || slot->p11card->framework == NULL + || slot->p11card->framework->get_random == NULL) rv = CKR_RANDOM_NO_RNG; else rv = slot->p11card->framework->get_random(slot, RandomData, ulRandomLen); 
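Review bot: In restore_login_state the new loop condition ends the loop silently when `slot->p11card` or its `framework` is NULL, so the stored logins are not replayed and the function reports whatever `r` already holds. If `r` starts as `CKR_OK` (its initialisation is outside the hunk), callers such as C_Login and C_SetPIN proceed as though the login state had been restored. The condition does not change between iterations. Testing it once before `list_iterator_start` and returning `CKR_TOKEN_NOT_RECOGNIZED` there would make the failure explicit and leave the loop as `while (login) {`.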
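Review bot: C_GenerateKeyPair folds the new `slot == NULL`, `p11card == NULL` and `framework == NULL` cases into the existing branch, so a slot without a card is reported as `CKR_FUNCTION_NOT_SUPPORTED`; the C_GenerateRandom hunk that follows does the same with `CKR_RANDOM_NO_RNG`. Elsewhere in this commit the same condition yields `CKR_TOKEN_NOT_RECOGNIZED`, and an application may take "not supported" as a property of the token rather than of the moment. Splitting the test keeps the codes consistent: `if (slot == NULL || slot->p11card == NULL || slot->p11card->framework == NULL) rv = CKR_TOKEN_NOT_RECOGNIZED;` followed by `else if (slot->p11card->framework->gen_keypair == NULL) rv = CKR_FUNCTION_NOT_SUPPORTED;`.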
diff --git a/src/pkcs11/pkcs11-session.c b/src/pkcs11/pkcs11-session.c index e4247446..f79629ca 100644 --- a/src/pkcs11/pkcs11-session.c +++ b/src/pkcs11/pkcs11-session.c @@ -120,8 +120,11 @@ static CK_RV sc_pkcs11_close_session(CK_SESSION_HANDLE hSession) slot->login_user = -1; if (sc_pkcs11_conf.atomic) pop_all_login_states(slot); - else + else { + if (slot->p11card == NULL) + return CKR_TOKEN_NOT_RECOGNIZED; slot->p11card->framework->logout(slot); + } } if (list_delete(&sessions, session) != 0) @@ -289,7 +292,7 @@ CK_RV C_Login(CK_SESSION_HANDLE hSession, /* the session's handle */ } else { rv = restore_login_state(slot); - if (rv == CKR_OK) + if (rv == CKR_OK && slot->p11card && slot->p11card->framework) rv = slot->p11card->framework->login(slot, userType, pPin, ulPinLen); rv = reset_login_state(slot, rv); } @@ -307,6 +310,8 @@ CK_RV C_Login(CK_SESSION_HANDLE hSession, /* the session's handle */ rv = restore_login_state(slot); if (rv == CKR_OK) { sc_log(context, "C_Login() userType %li", userType); + if (slot->p11card == NULL) + return CKR_TOKEN_NOT_RECOGNIZED; rv = slot->p11card->framework->login(slot, userType, pPin, ulPinLen); sc_log(context, "fLogin() rv %li", rv); } @@ -347,8 +352,11 @@ CK_RV C_Logout(CK_SESSION_HANDLE hSession) slot->login_user = -1; if (sc_pkcs11_conf.atomic) pop_all_login_states(slot); - else + else { + if (!slot->p11card) + return CKR_TOKEN_NOT_RECOGNIZED; rv = slot->p11card->framework->logout(slot); + } } else rv = CKR_USER_NOT_LOGGED_IN; @@ -385,7 +393,7 @@ CK_RV C_InitPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pPin, CK_ULONG ulPinLen) slot = session->slot; if (slot->login_user != CKU_SO) { rv = CKR_USER_NOT_LOGGED_IN; - } else if (slot->p11card->framework->init_pin == NULL) { + } else if (slot->p11card == NULL || slot->p11card->framework->init_pin == NULL) { rv = CKR_FUNCTION_NOT_SUPPORTED; } else { rv = restore_login_state(slot); 
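Review bot: The early `return CKR_TOKEN_NOT_RECOGNIZED;` added to sc_pkcs11_close_session leaves the function before the `list_delete(&sessions, session)` that follows, so a session whose slot has lost its card cannot be closed and stays in the session list. `slot->login_user` has already been reset to -1 at that point, which leaves the slot half cleaned up. Skipping only the logout keeps the teardown intact: replace the new block with `else if (slot->p11card != NULL && slot->p11card->framework != NULL)` in front of the existing `slot->p11card->framework->logout(slot);`. The rest of the function is outside the hunk.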
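Review bot: The `return CKR_TOKEN_NOT_RECOGNIZED;` added inside C_Login's `if (rv == CKR_OK)` block leaves the API function directly, and the C_Logout and C_SetPIN hunks add the same early return. In C_SetPIN the context lines show that this skips `rv = reset_login_state(slot, rv);` and the `out:` label. If the code after that label releases the module lock (not visible here), a call on a slot without a card would leave the lock held and stall every later PKCS#11 call. Setting the result and falling through is safer: `if (slot->p11card == NULL) rv = CKR_TOKEN_NOT_RECOGNIZED; else rv = slot->p11card->framework->login(slot, userType, pPin, ulPinLen);`.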
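Review bot: The C_InitPIN condition tests `slot->p11card == NULL` but then reads `slot->p11card->framework->init_pin` without testing `framework`, while the C_GenerateKeyPair and C_GenerateRandom changes in pkcs11-object.c check all three levels. Adding `|| slot->p11card->framework == NULL` between the two tests would make the guards uniform. The same gap exists in the sc_pkcs11_close_session, C_Logout and C_SetPIN hunks, which call through `framework` after checking only `p11card`.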
@@ -430,8 +438,11 @@ CK_RV C_SetPIN(CK_SESSION_HANDLE hSession, } rv = restore_login_state(slot); - if (rv == CKR_OK) + if (rv == CKR_OK) { + if (slot->p11card == NULL) + return CKR_TOKEN_NOT_RECOGNIZED; rv = slot->p11card->framework->change_pin(slot, pOldPin, ulOldLen, pNewPin, ulNewLen); + } rv = reset_login_state(slot, rv); out: diff --git a/src/pkcs11/slot.c b/src/pkcs11/slot.c index c374666f..44b041ee 100644 --- a/src/pkcs11/slot.c +++ b/src/pkcs11/slot.c @@ -495,8 +495,8 @@ CK_RV slot_token_removed(CK_SLOT_ID id) /* Release framework stuff */ if (slot->p11card != NULL) { - if (slot->fw_data != NULL && - slot->p11card->framework != NULL && slot->p11card->framework->release_token != NULL) { + if (slot->fw_data != NULL && slot->p11card->framework != NULL + && slot->p11card->framework->release_token != NULL) { slot->p11card->framework->release_token(slot->p11card, slot->fw_data); slot->fw_data = NULL; }