From ea4ddf8f17437070fcd9fd2bfdce09038a7cb8f9 Mon Sep 17 00:00:00 2001
From: andre
Date: Mon, 6 Dec 2010 18:33:17 +0000
Subject: [PATCH] pkcs15-pin: If the usage counter of a cached PIN is expired, then free that cached PIN instead of freeing the objects content that is protected by the PIN. If re-validation of a cached PIN fails, then free that cached PIN to ensure that it isn't used again for re-validation.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4924 c6295689-39f2-0310-b995-f0e70906c6a9
---
 src/libopensc/pkcs15-pin.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/libopensc/pkcs15-pin.c b/src/libopensc/pkcs15-pin.c
index 8a6ec866..747c714a 100644
--- a/src/libopensc/pkcs15-pin.c
+++ b/src/libopensc/pkcs15-pin.c
@@ -526,7 +526,7 @@ int sc_pkcs15_pincache_revalidate(struct sc_pkcs15_card *p15card, sc_pkcs15_obje
 }
 if (pin_obj->usage_counter >= p15card->opts.pin_cache_counter) {
- sc_pkcs15_free_object_content(obj);
+ sc_pkcs15_free_object_content(pin_obj);
 return SC_ERROR_SECURITY_STATUS_NOT_SATISFIED;
 }
@@ -536,6 +536,9 @@ int sc_pkcs15_pincache_revalidate(struct sc_pkcs15_card *p15card, sc_pkcs15_obje
 pin_obj->usage_counter++;
 r = sc_pkcs15_verify_pin(p15card, pin_obj, pin_obj->content.value, pin_obj->content.len);
 if (r != SC_SUCCESS) {
+ /* Ensure that wrong PIN isn't used again */
+ sc_pkcs15_free_object_content(pin_obj);
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Verify PIN error %i", r);
 return SC_ERROR_SECURITY_STATUS_NOT_SATISFIED;
 }
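Review bot: Nothing in this hunk shows the cached PIN bytes being overwritten before `sc_pkcs15_free_object_content(pin_obj)` releases them, here in the expired-counter branch and again in the failed-verify branch of the second hunk. The helper's body is not on the page, so this is a point to confirm: if it only frees `content.value`, the PIN stays readable in heap memory after the cache entry is dropped. In that case clear it first, e.g. `sc_mem_clear(pin_obj->content.value, pin_obj->content.len);` before the call, or do the wipe inside the helper for PIN objects. sc_pkcs15_pincache_revalidate starts and ends outside both hunks.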
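Review bot: The added comment says "wrong PIN", but the branch runs for every result other than `SC_SUCCESS`, so the cache is also dropped on failures that may have nothing to do with the PIN value. That is the safe behaviour and the comment should say so, e.g. `/* Drop the cached PIN on any verify failure so it is never replayed against the card */`. The matching free in the first hunk has no comment at all; something like `/* Usage limit reached: discard the cached PIN so it must be entered again */` would fit there.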