fixed possible NULL pointer dereference

Frank Morgner 2019-01-25 21:11:09 +01:00
parent 53954e9ff1
commit e4a01643a6
3 changed files with 21 additions and 16 deletions


@ -548,7 +548,7 @@ static int gids_get_pin_status(sc_card_t *card, int pinreference, int *tries_lef
} }
p = sc_asn1_find_tag(card->ctx, buffer, buffersize , GIDS_TRY_LIMIT_TAG, &datasize); p = sc_asn1_find_tag(card->ctx, buffer, buffersize , GIDS_TRY_LIMIT_TAG, &datasize);
if (p && datasize == 1) { if (p && datasize == 1) {
if (tries_left) if (max_tries)
*max_tries = p[0]; *max_tries = p[0];
} }
@ -928,14 +928,16 @@ static int gids_select_file(sc_card_t *card, const struct sc_path *in_path,
data->currentEFID = in_path->value[1] + (in_path->value[0]<<8); data->currentEFID = in_path->value[1] + (in_path->value[0]<<8);
data->currentDO = in_path->value[3] + (in_path->value[2]<<8); data->currentDO = in_path->value[3] + (in_path->value[2]<<8);
file = sc_file_new(); if (file_out) {
if (file == NULL) file = sc_file_new();
LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY); if (file == NULL)
file->path = *in_path; LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
file->type = SC_FILE_TYPE_WORKING_EF; file->path = *in_path;
file->ef_structure = SC_FILE_EF_TRANSPARENT; file->type = SC_FILE_TYPE_WORKING_EF;
file->size = SC_MAX_EXT_APDU_BUFFER_SIZE; file->ef_structure = SC_FILE_EF_TRANSPARENT;
*file_out = file; file->size = SC_MAX_EXT_APDU_BUFFER_SIZE;
*file_out = file;
}
LOG_FUNC_RETURN(ctx, SC_SUCCESS); LOG_FUNC_RETURN(ctx, SC_SUCCESS);
} else if (in_path->len == 4 && in_path->value[0] == 0x3F && in_path->value[1] == 0xFF && in_path->type == SC_PATH_TYPE_PATH) { } else if (in_path->len == 4 && in_path->value[0] == 0x3F && in_path->value[1] == 0xFF && in_path->type == SC_PATH_TYPE_PATH) {
// GIDS does not allow a select with a path containing a DF // GIDS does not allow a select with a path containing a DF
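Review bot: In the second hunk the new `if (file_out)` guard makes the out-parameter optional, but nothing records that, and `data->currentEFID`/`data->currentDO` are still updated when it is NULL. A comment above the guard such as `/* file_out is optional: NULL selects the EF/DO without returning a file */` would state the contract. The `else if (in_path->len == 4 && ...` branch that follows continues outside the hunk, so whether it also writes `*file_out` unguarded cannot be seen here and is worth checking. gids_select_file starts and ends outside the hunk.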


@ -216,14 +216,17 @@ int mscfs_loadFileInfo(mscfs_t* fs, const u8 *path, int pathlen, mscfs_file_t **
mscfs_check_cache(fs); mscfs_check_cache(fs);
if(idx) *idx = -1; if(idx) *idx = -1;
for(x = 0; x < fs->cache.size; x++) { for(x = 0; x < fs->cache.size; x++) {
msc_id objectId;
*file_data = &fs->cache.array[x]; *file_data = &fs->cache.array[x];
objectId = (*file_data)->objectId; if (*file_data) {
if(0 == memcmp(objectId.id, fullPath.id, 4)) { msc_id objectId;
if(idx) *idx = x; objectId = (*file_data)->objectId;
break; if(0 == memcmp(objectId.id, fullPath.id, 4)) {
if (idx)
*idx = x;
break;
}
*file_data = NULL;
} }
*file_data = NULL;
} }
if(*file_data == NULL && (0 == memcmp("\x3F\x00\x00\x00", fullPath.id, 4) || 0 == memcmp("\x3F\x00\x50\x15", fullPath.id, 4 ) || 0 == memcmp("\x3F\x00\x3F\x00", fullPath.id, 4))) { if(*file_data == NULL && (0 == memcmp("\x3F\x00\x00\x00", fullPath.id, 4) || 0 == memcmp("\x3F\x00\x50\x15", fullPath.id, 4 ) || 0 == memcmp("\x3F\x00\x3F\x00", fullPath.id, 4))) {
static mscfs_file_t ROOT_FILE; static mscfs_file_t ROOT_FILE;
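Review bot: The new `if (*file_data)` test cannot catch a NULL `fs->cache.array`, because `&fs->cache.array[x]` is the address of element x and is NULL only for x == 0; at any later index it is a non-NULL pointer into invalid memory and `(*file_data)->objectId` is still read. Testing the array itself expresses the intent, e.g. `for(x = 0; fs->cache.array && x < fs->cache.size; x++) {`. `file_data` is also written through without a check while `idx` is treated as optional, so if callers may pass NULL there it needs the same guard. Whether mscfs_check_cache already guarantees a non-NULL array for a non-zero size is not visible in this hunk, and the function body continues outside it.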


@ -346,7 +346,7 @@ static int get_key(unsigned int usage, sc_pkcs15_object_t **result)
* a crypto operation. Card drivers can test for SC_AC_CONTEXT_SPECIFIC * a crypto operation. Card drivers can test for SC_AC_CONTEXT_SPECIFIC
* to do any special handling. * to do any special handling.
*/ */
if (key->user_consent) { if (key->user_consent && pin && pin->data) {
int auth_meth_saved; int auth_meth_saved;
struct sc_pkcs15_auth_info *pinfo = (struct sc_pkcs15_auth_info *) pin->data; struct sc_pkcs15_auth_info *pinfo = (struct sc_pkcs15_auth_info *) pin->data;
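Review bot: With the added `pin && pin->data` test, a key marked `user_consent` now skips the context-specific re-authentication block silently when no auth object is available. The function presumably carries on, so the failure would only surface later as a card error with no hint of the cause. Reporting it here keeps the NULL fix and makes the condition visible, e.g. an `else if (key->user_consent)` branch with `fprintf(stderr, "No PIN object for key requiring user consent\n");`. How `pin` is looked up lies outside the hunk, as does the rest of this block.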