fixed possible NULL pointer dereference
This commit is contained in:
Frank Morgner
parent
53954e9ff1
commit
e4a01643a6
|
|
@ -548,7 +548,7 @@ static int gids_get_pin_status(sc_card_t *card, int pinreference, int *tries_lef
|
|||
}
|
||||
p = sc_asn1_find_tag(card->ctx, buffer, buffersize , GIDS_TRY_LIMIT_TAG, &datasize);
|
||||
if (p && datasize == 1) {
|
||||
if (tries_left)
|
||||
if (max_tries)
|
||||
*max_tries = p[0];
|
||||
}
|
||||
|
||||
|
|
@ -928,14 +928,16 @@ static int gids_select_file(sc_card_t *card, const struct sc_path *in_path,
|
|||
data->currentEFID = in_path->value[1] + (in_path->value[0]<<8);
|
||||
data->currentDO = in_path->value[3] + (in_path->value[2]<<8);
|
||||
|
||||
file = sc_file_new();
|
||||
if (file == NULL)
|
||||
LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
|
||||
file->path = *in_path;
|
||||
file->type = SC_FILE_TYPE_WORKING_EF;
|
||||
file->ef_structure = SC_FILE_EF_TRANSPARENT;
|
||||
file->size = SC_MAX_EXT_APDU_BUFFER_SIZE;
|
||||
*file_out = file;
|
||||
if (file_out) {
|
||||
file = sc_file_new();
|
||||
if (file == NULL)
|
||||
LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
|
||||
file->path = *in_path;
|
||||
file->type = SC_FILE_TYPE_WORKING_EF;
|
||||
file->ef_structure = SC_FILE_EF_TRANSPARENT;
|
||||
file->size = SC_MAX_EXT_APDU_BUFFER_SIZE;
|
||||
*file_out = file;
|
||||
}
|
||||
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
|
||||
} else if (in_path->len == 4 && in_path->value[0] == 0x3F && in_path->value[1] == 0xFF && in_path->type == SC_PATH_TYPE_PATH) {
|
||||
// GIDS does not allow a select with a path containing a DF
|
||||
|
|
|
|||
|
|
@ -216,14 +216,17 @@ int mscfs_loadFileInfo(mscfs_t* fs, const u8 *path, int pathlen, mscfs_file_t **
|
|||
mscfs_check_cache(fs);
|
||||
if(idx) *idx = -1;
|
||||
for(x = 0; x < fs->cache.size; x++) {
|
||||
msc_id objectId;
|
||||
*file_data = &fs->cache.array[x];
|
||||
objectId = (*file_data)->objectId;
|
||||
if(0 == memcmp(objectId.id, fullPath.id, 4)) {
|
||||
if(idx) *idx = x;
|
||||
break;
|
||||
if (*file_data) {
|
||||
msc_id objectId;
|
||||
objectId = (*file_data)->objectId;
|
||||
if(0 == memcmp(objectId.id, fullPath.id, 4)) {
|
||||
if (idx)
|
||||
*idx = x;
|
||||
break;
|
||||
}
|
||||
*file_data = NULL;
|
||||
}
|
||||
*file_data = NULL;
|
||||
}
|
||||
if(*file_data == NULL && (0 == memcmp("\x3F\x00\x00\x00", fullPath.id, 4) || 0 == memcmp("\x3F\x00\x50\x15", fullPath.id, 4 ) || 0 == memcmp("\x3F\x00\x3F\x00", fullPath.id, 4))) {
|
||||
static mscfs_file_t ROOT_FILE;
|
||||
|
|
|
|||
|
|
@ -346,7 +346,7 @@ static int get_key(unsigned int usage, sc_pkcs15_object_t **result)
|
|||
* a crypto operation. Card drivers can test for SC_AC_CONTEXT_SPECIFIC
|
||||
* to do any special handling.
|
||||
*/
|
||||
if (key->user_consent) {
|
||||
if (key->user_consent && pin && pin->data) {
|
||||
int auth_meth_saved;
|
||||
struct sc_pkcs15_auth_info *pinfo = (struct sc_pkcs15_auth_info *) pin->data;
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue