From b403934718daec2d09d456edce230b55a9b8590d Mon Sep 17 00:00:00 2001
From: Frank Morgner <frankmorgner@gmail.com>
Date: Fri, 23 Feb 2018 13:58:39 +0100
Subject: [PATCH] PKCS#15: prevent use of empty serial number in TokenInfo

... and initialize the serial number with the card's serial number if
nothing useful is in EF.TokenInfo
---
 src/libopensc/pkcs15.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/libopensc/pkcs15.c b/src/libopensc/pkcs15.c
index 3e058863..892d4244 100644
--- a/src/libopensc/pkcs15.c
+++ b/src/libopensc/pkcs15.c
@@ -207,7 +207,7 @@ int sc_pkcs15_parse_tokeninfo(sc_context_t *ctx,
 	r = sc_asn1_decode(ctx, asn1_tokeninfo, buf, blen, NULL, NULL);
 	LOG_TEST_RET(ctx, r, "ASN.1 parsing of EF(TokenInfo) failed");
 
-	if (asn1_toki_attrs[1].flags & SC_ASN1_PRESENT)   {
+	if (asn1_toki_attrs[1].flags & SC_ASN1_PRESENT && serial_len > 0)   {
 		ti->serial_number = malloc(serial_len * 2 + 1);
 		if (ti->serial_number == NULL)
 			return SC_ERROR_OUT_OF_MEMORY;
@@ -1188,6 +1188,10 @@ sc_pkcs15_bind_internal(struct sc_pkcs15_card *p15card, struct sc_aid *aid)
 
 	*(p15card->tokeninfo) = tokeninfo;
 
+	if (!p15card->tokeninfo->serial_number && 0 == card->serialnr.len) {
+		sc_card_ctl(p15card->card, SC_CARDCTL_GET_SERIALNR, &card->serialnr);
+	}
+
 	if (!p15card->tokeninfo->serial_number && card->serialnr.len)   {
 		char *serial = calloc(1, card->serialnr.len*2 + 1);
 		size_t ii;