From b9e33a3c640ebf85de862a534e8b23693981fa0c Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 29 Nov 2017 11:35:21 +0100
Subject: [PATCH] Coverity warnings

card-piv.c
	make sure the string is null terminated before passing it
	to hex_to_bin routine, which expects it
pkcs15-cac.c
	free cn_name on failure
pkcs11-tool.c
	make sure the string is null terminated before passing it to
	parse_certificate(), which expects it
---
 src/libopensc/card-piv.c   | 5 +++--
 src/libopensc/pkcs15-cac.c | 1 +
 src/tools/pkcs11-tool.c    | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/libopensc/card-piv.c b/src/libopensc/card-piv.c
index 61acedc8..1a890175 100644
--- a/src/libopensc/card-piv.c
+++ b/src/libopensc/card-piv.c
@@ -1481,7 +1481,7 @@ static int piv_get_key(sc_card_t *card, unsigned int alg_id, u8 **key, size_t *l
 	FILE *f = NULL;
 	char * keyfilename = NULL;
 	size_t expected_keylen;
-	size_t keylen;
+	size_t keylen, readlen;
 	u8 * keybuf = NULL;
 	u8 * tkey = NULL;
 
@@ -1530,11 +1530,12 @@ static int piv_get_key(sc_card_t *card, unsigned int alg_id, u8 **key, size_t *l
 	}
 	keybuf[fsize] = 0x00;    /* in case it is text need null */
 
-	if (fread(keybuf, 1, fsize, f) != fsize) {
+	if ((readlen = fread(keybuf, 1, fsize, f)) != fsize) {
 		sc_log(card->ctx, " Unable to read key\n");
 		r = SC_ERROR_WRONG_LENGTH;
 		goto err;
 	}
+	keybuf[readlen] = '\0';
 
 	tkey = malloc(expected_keylen);
 	if (!tkey) {
diff --git a/src/libopensc/pkcs15-cac.c b/src/libopensc/pkcs15-cac.c
index 93032113..f34425a5 100644
--- a/src/libopensc/pkcs15-cac.c
+++ b/src/libopensc/pkcs15-cac.c
@@ -388,6 +388,7 @@ static int sc_pkcs15emu_cac_init(sc_pkcs15_card_t *p15card)
 			if (r == SC_SUCCESS) {
 				token_name = malloc (cn_len+1);
 				if (!token_name) {
+					free(cn_name);
 					r = SC_ERROR_OUT_OF_MEMORY;
 					goto fail;
 				}
diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
index e3c52e2f..df4a0ef3 100644
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
@@ -2838,9 +2838,10 @@ static int write_object(CK_SESSION_HANDLE session)
 		if (!(f = fopen(opt_attr_from_file, "rb")))
 			util_fatal("Couldn't open file \"%s\"", opt_attr_from_file);
 		certdata_len = fread(certdata, 1, sizeof(certdata), f);
+		fclose(f);
 		if (certdata_len < 0)
 			util_fatal("Couldn't read from file \"%s\"", opt_attr_from_file);
-		fclose(f);
+		certdata[certdata_len] = '\0';
 		need_to_parse_certdata = 1;
 	}
 	if (opt_object_class == CKO_CERTIFICATE) {