- Parsing pkcs11 IDs and paths with an odd number of bytes would scan past

the end of the string. Made sc_hex_to_bin more robust and change various
  place to use it rather than doing it on their own with scanf(%02x)


git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@754 c6295689-39f2-0310-b995-f0e70906c6a9

src/libopensc/pkcs15.c

@@ -132,7 +132,7 @@ int sc_pkcs15_encode_tokeninfo(struct sc_context *ctx,
 			       struct sc_pkcs15_card *card,
 			       u8 **buf, size_t *buflen)
 {
-	int i, r;
+	int r;
 	u8 serial[128];
 	size_t serial_len = 0;
 	size_t mnfid_len;
@@ -149,13 +149,9 @@ int sc_pkcs15_encode_tokeninfo(struct sc_context *ctx,
 	if (card->serial_number != NULL) {
 		if (strlen(card->serial_number)/2 > sizeof(serial))
 			return SC_ERROR_BUFFER_TOO_SMALL;
-		for (i = 0; card->serial_number[i] != 0; i += 2) {
+		serial_len = sizeof(serial);
-			int c;
+		if (sc_hex_to_bin(card->serial_number, serial, &serial_len) < 0)
-			if (sscanf(&card->serial_number[i], "%02X", &c) != 1)
+			return SC_ERROR_INVALID_ARGUMENTS;
-				return SC_ERROR_INVALID_ARGUMENTS;
-			serial[i/2] = c & 0xFF;
-			serial_len++;
-		}
 		sc_format_asn1_entry(asn1_toki + 1, serial, &serial_len, 1);
 	}
 	if (card->manufacturer_id != NULL) {
@@ -1013,20 +1009,10 @@ int sc_pkcs15_compare_id(const struct sc_pkcs15_id *id1,
 
 void sc_pkcs15_format_id(const char *str, struct sc_pkcs15_id *id)
 {
-	int len = 0;
+	size_t len = sizeof(id->value);
-	u8 *p = id->value;
 
-	while (*str) {
+	if (sc_hex_to_bin(str, id->value, &len) >= 0)
-		int byte;
+		id->len = len;
-		
-		if (sscanf(str, "%02X", &byte) != 1)
-			break;
-		*p++ = byte;
-		len++;
-		str += 2;
-	}
-	id->len = len;
-	return;
 }
 
 void sc_pkcs15_print_id(const struct sc_pkcs15_id *id)

src/libopensc/sc.c

@@ -40,30 +40,45 @@ const char *sc_get_version(void)
 int sc_hex_to_bin(const char *in, u8 *out, size_t *outlen)
 {
 	int err = 0;
-	size_t left, c = 0;
+	size_t left, count = 0;
 
 	assert(in != NULL && out != NULL && outlen != NULL);
         left = *outlen;
 
-	while (*in != (char) 0) {
+	while (*in != '\0') {
-		int byte;
+		int byte = 0, nybbles = 2;
+		char c;
 
-		if (sscanf(in, "%02X", &byte) != 1) {
+		while (nybbles-- && *in && *in != ':') {
-                        err = SC_ERROR_INVALID_ARGUMENTS;
+			byte <<= 4;
-			break;
+			c = *in++;
+			if ('0' <= c && c <= '9')
+				c -= '0';
+			else
+			if ('a' <= c && c <= 'f')
+				c = c - 'a' + 10;
+			else
+			if ('A' <= c && c <= 'F')
+				c = c - 'A' + 10;
+			else {
+				err = SC_ERROR_INVALID_ARGUMENTS;
+				goto out;
+			}
+			byte |= c;
 		}
-		in += 2;
 		if (*in == ':')
 			in++;
 		if (left <= 0) {
                         err = SC_ERROR_BUFFER_TOO_SMALL;
 			break;
 		}
-		*out++ = (u8) byte;
+		out[count++] = (u8) byte;
 		left--;
 		c++;
 	}
-	*outlen = c;
+
+out:
+	*outlen = count;
 	return err;
 }
 
@@ -132,26 +147,17 @@ int sc_wait_for_card(struct sc_context *ctx, int reader, int timeout)
 
 void sc_format_path(const char *str, struct sc_path *path)
 {
-	int len = 0;
 	int type = SC_PATH_TYPE_PATH;
-	u8 *p = path->value;
 
+	memset(path, 0, sizeof(*path));
 	if (*str == 'i' || *str == 'I') {
 		type = SC_PATH_TYPE_FILE_ID;
 		str++;
 	}
-	while (*str) {
+	path->len = sizeof(path->value);
-		int byte;
+	if (sc_hex_to_bin(str, path->value, &path->len) >= 0) {
-		
+		path->type = type;
-		if (sscanf(str, "%02X", &byte) != 1)
-			break;
-		*p++ = byte;
-		len++;
-		str += 2;
 	}
-	path->len = len;
-	path->type = type;
-	path->index = 0;
 	return;
 }