From e4a01643a6fb4f899171065d3919c11b62a1be7d Mon Sep 17 00:00:00 2001
From: Frank Morgner
Date: Fri, 25 Jan 2019 21:11:09 +0100
Subject: [PATCH] fixed possible NULL pointer dereference
---
 src/libopensc/card-gids.c | 20 +++++++++++---------
 src/libopensc/muscle-filesystem.c | 15 +++++++++------
 src/tools/pkcs15-crypt.c | 2 +-
 3 files changed, 21 insertions(+), 16 deletions(-)
diff --git a/src/libopensc/card-gids.c b/src/libopensc/card-gids.c
index 9718283d..2471c55a 100644
--- a/src/libopensc/card-gids.c
+++ b/src/libopensc/card-gids.c
@@ -548,7 +548,7 @@ static int gids_get_pin_status(sc_card_t *card, int pinreference, int *tries_lef
 }
 p = sc_asn1_find_tag(card->ctx, buffer, buffersize , GIDS_TRY_LIMIT_TAG, &datasize);
 if (p && datasize == 1) {
- if (tries_left)
+ if (max_tries)
 *max_tries = p[0];
 }
@@ -928,14 +928,16 @@ static int gids_select_file(sc_card_t *card, const struct sc_path *in_path,
 data->currentEFID = in_path->value[1] + (in_path->value[0]<<8);
 data->currentDO = in_path->value[3] + (in_path->value[2]<<8);
- file = sc_file_new();
- if (file == NULL)
- LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
- file->path = *in_path;
- file->type = SC_FILE_TYPE_WORKING_EF;
- file->ef_structure = SC_FILE_EF_TRANSPARENT;
- file->size = SC_MAX_EXT_APDU_BUFFER_SIZE;
- *file_out = file;
+ if (file_out) {
+ file = sc_file_new();
+ if (file == NULL)
+ LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
+ file->path = *in_path;
+ file->type = SC_FILE_TYPE_WORKING_EF;
+ file->ef_structure = SC_FILE_EF_TRANSPARENT;
+ file->size = SC_MAX_EXT_APDU_BUFFER_SIZE;
+ *file_out = file;
+ }
 LOG_FUNC_RETURN(ctx, SC_SUCCESS);
 } else if (in_path->len == 4 && in_path->value[0] == 0x3F && in_path->value[1] == 0xFF && in_path->type == SC_PATH_TYPE_PATH) {
 // GIDS does not allow a select with a path containing a DF
diff --git a/src/libopensc/muscle-filesystem.c b/src/libopensc/muscle-filesystem.c
index 887bd03a..ab5b6408 100644
--- a/src/libopensc/muscle-filesystem.c
+++ b/src/libopensc/muscle-filesystem.c
@@ -216,14 +216,17 @@ int mscfs_loadFileInfo(mscfs_t* fs, const u8 *path, int pathlen, mscfs_file_t **
 mscfs_check_cache(fs);
 if(idx) *idx = -1;
 for(x = 0; x < fs->cache.size; x++) {
- msc_id objectId;
 *file_data = &fs->cache.array[x];
- objectId = (*file_data)->objectId;
- if(0 == memcmp(objectId.id, fullPath.id, 4)) {
- if(idx) *idx = x;
- break;
+ if (*file_data) {
+ msc_id objectId;
+ objectId = (*file_data)->objectId;
+ if(0 == memcmp(objectId.id, fullPath.id, 4)) {
+ if (idx)
+ *idx = x;
+ break;
+ }
+ *file_data = NULL;
 }
- *file_data = NULL;
 }
 if(*file_data == NULL && (0 == memcmp("\x3F\x00\x00\x00", fullPath.id, 4) || 0 == memcmp("\x3F\x00\x50\x15", fullPath.id, 4 ) || 0 == memcmp("\x3F\x00\x3F\x00", fullPath.id, 4))) {
 static mscfs_file_t ROOT_FILE;
diff --git a/src/tools/pkcs15-crypt.c b/src/tools/pkcs15-crypt.c
index 6d064ec3..b9ba591a 100644
--- a/src/tools/pkcs15-crypt.c
+++ b/src/tools/pkcs15-crypt.c
@@ -346,7 +346,7 @@ static int get_key(unsigned int usage, sc_pkcs15_object_t **result)
 * a crypto operation. Card drivers can test for SC_AC_CONTEXT_SPECIFIC
 * to do any special handling.
 */
- if (key->user_consent) {
+ if (key->user_consent && pin && pin->data) {
 int auth_meth_saved;
 struct sc_pkcs15_auth_info *pinfo = (struct sc_pkcs15_auth_info *) pin->data;
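Review bot: In `mscfs_loadFileInfo` (src/libopensc/muscle-filesystem.c) the new guard `if (*file_data)` tests the address of an array element, `&fs->cache.array[x]`, which is non-NULL for every `x` except when `fs->cache.array` is NULL and `x` is 0, so it probably does not protect the dereference it wraps. If the concern is a cache that was never allocated, testing the array itself says so directly and also avoids forming `&array[x]` from a NULL base: `for(x = 0; fs->cache.array && x < fs->cache.size; x++) {`. Note also that `file_data` is written through on every iteration without a check, while `idx` is treated as optional. The function body starts and ends outside this hunk, so an earlier check may already cover this.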
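Review bot: In `get_key` (src/tools/pkcs15-crypt.c) the widened condition `key->user_consent && pin && pin->data` makes the tool skip the whole consent branch silently when a key is flagged `user_consent` but no PIN object or PIN data is available. Judging by the comment above the branch, this is the context-specific verification required before a crypto operation, so skipping it trades a crash for an unexplained failure later, or for a missing consent step. Failing closed is easier to reason about: keep `if (key->user_consent) {` and place `if (!pin || !pin->data) { /* report the missing PIN object and return an error */ }` ahead of the `pinfo` assignment, using whatever error path `get_key` already has for a failed PIN lookup. The rest of the branch and the function's return paths are outside this hunk.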