giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed Potential leak of memory

This commit is contained in:
Frank Morgner 2019-01-25 01:15:01 +01:00
parent c2cc83754e
commit fdb0e6d581
11 changed files with 125 additions and 86 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/common/simclist.c
View File

@ -479,6 +479,9 @@ int list_insert_at(list_t *simclist_restrict l, const void *data, unsigned int p
size_t datalen = l->attrs.meter(data);
lent->data = (struct list_entry_s *)malloc(datalen);
if (lent->data == NULL) {
if (!(l->spareelsnum > 0)) {
free(lent);
}
return -1;
}
memcpy(lent->data, data, datalen);

26
src/libopensc/card-authentic.c
View File

@ -1775,28 +1775,28 @@ authentic_manage_sdo_encode(struct sc_card *card, struct sc_authentic_sdo *sdo,
rv = authentic_update_blob(ctx, AUTHENTIC_TAG_DOCP_MECH, &sdo->docp.mech, sizeof(sdo->docp.mech),
&data, &data_len);
LOG_TEST_RET(ctx, rv, "DOCP MECH encode error");
LOG_TEST_GOTO_ERR(ctx, rv, "DOCP MECH encode error");
rv = authentic_update_blob(ctx, AUTHENTIC_TAG_DOCP_ID, &sdo->docp.id, sizeof(sdo->docp.id),
&data, &data_len);
LOG_TEST_RET(ctx, rv, "DOCP ID encode error");
LOG_TEST_GOTO_ERR(ctx, rv, "DOCP ID encode error");
if (cmd == SC_CARDCTL_AUTHENTIC_SDO_CREATE) {
rv = authentic_update_blob(ctx, AUTHENTIC_TAG_DOCP_ACLS, sdo->docp.acl_data, sdo->docp.acl_data_len,
&data, &data_len);
LOG_TEST_RET(ctx, rv, "DOCP ACLs encode error");
LOG_TEST_GOTO_ERR(ctx, rv, "DOCP ACLs encode error");
if (sdo->docp.security_parameter) {
rv = authentic_update_blob(ctx, AUTHENTIC_TAG_DOCP_SCP,
&sdo->docp.security_parameter, sizeof(sdo->docp.security_parameter),
&data, &data_len);
LOG_TEST_RET(ctx, rv, "DOCP ACLs encode error");
LOG_TEST_GOTO_ERR(ctx, rv, "DOCP ACLs encode error");
}
if (sdo->docp.usage_counter[0] || sdo->docp.usage_counter[1]) {
rv = authentic_update_blob(ctx, AUTHENTIC_TAG_DOCP_USAGE_COUNTER,
sdo->docp.usage_counter, sizeof(sdo->docp.usage_counter),
&data, &data_len);
LOG_TEST_RET(ctx, rv, "DOCP ACLs encode error");
LOG_TEST_GOTO_ERR(ctx, rv, "DOCP ACLs encode error");
}
}
else if (cmd == SC_CARDCTL_AUTHENTIC_SDO_STORE) {
@ -1806,10 +1806,10 @@ authentic_manage_sdo_encode(struct sc_card *card, struct sc_authentic_sdo *sdo,
|| sdo->docp.mech == AUTHENTIC_MECH_CRYPTO_RSA1792
|| sdo->docp.mech == AUTHENTIC_MECH_CRYPTO_RSA2048) {
rv = authentic_manage_sdo_encode_prvkey(card, sdo->data.prvkey, &data, &data_len);
LOG_TEST_RET(ctx, rv, "SDO RSA encode error");
LOG_TEST_GOTO_ERR(ctx, rv, "SDO RSA encode error");
}
else {
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Cryptographic object unsupported for encoding");
LOG_TEST_GOTO_ERR(ctx, SC_ERROR_NOT_SUPPORTED, "Cryptographic object unsupported for encoding");
}
}
else if (cmd == SC_CARDCTL_AUTHENTIC_SDO_GENERATE) {
@ -1817,21 +1817,23 @@ authentic_manage_sdo_encode(struct sc_card *card, struct sc_authentic_sdo *sdo,
rv = authentic_update_blob(ctx, AUTHENTIC_TAG_RSA_PUBLIC_EXPONENT,
sdo->data.prvkey->u.rsa.exponent.data, sdo->data.prvkey->u.rsa.exponent.len,
&data, &data_len);
LOG_TEST_RET(ctx, rv, "SDO RSA Exponent encode error");
LOG_TEST_GOTO_ERR(ctx, rv, "SDO RSA Exponent encode error");
}
data_tag = AUTHENTIC_TAG_RSA_GENERATE_DATA;
}
else if (cmd != SC_CARDCTL_AUTHENTIC_SDO_DELETE) {
LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Invalid SDO operation");
LOG_TEST_GOTO_ERR(ctx, SC_ERROR_INVALID_DATA, "Invalid SDO operation");
}
rv = authentic_update_blob(ctx, data_tag, data, data_len, out, out_len);
LOG_TEST_RET(ctx, rv, "SDO DOCP encode error");
free(data);
LOG_TEST_GOTO_ERR(ctx, rv, "SDO DOCP encode error");
sc_log_hex(ctx, "encoded SDO operation data", *out, *out_len);
err:
free(data);
LOG_FUNC_RETURN(ctx, rv);
}

9
src/libopensc/card-dnie.c
View File

@ -1007,7 +1007,7 @@ static int dnie_fill_cache(sc_card_t * card)
size_t count = 0;
size_t len = 0;
u8 *buffer = NULL;
u8 *pt = NULL;
u8 *pt = NULL, *p;
sc_context_t *ctx = NULL;
if (!card || !card->ctx)
@ -1056,19 +1056,22 @@ static int dnie_fill_cache(sc_card_t * card)
}
if (r == SC_ERROR_INCORRECT_PARAMETERS)
goto read_done;
free(buffer);
if (apdu.resp != tmp)
free(apdu.resp);
LOG_FUNC_RETURN(ctx, r); /* arriving here means response error */
}
/* copy received data into buffer. realloc() if not enough space */
count = apdu.resplen;
buffer = realloc(buffer, len + count);
if (!buffer) {
p = realloc(buffer, len + count);
if (!p) {
free(buffer);
free((void *)apdu.data);
if (apdu.resp != tmp)
free(apdu.resp);
LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
}
buffer = p;
memcpy(buffer + len, apdu.resp, count);
if (apdu.resp != tmp) {
free(apdu.resp);

10
src/libopensc/card-iasecc.c
View File

@ -3406,12 +3406,13 @@ iasecc_read_public_key(struct sc_card *card, unsigned type,
sc_log(ctx, "read public kay(ref:%i;size:%i)", ref, size);
memset(&bn, 0, sizeof bn);
memset(&sdo, 0, sizeof(sdo));
sdo.sdo_class = IASECC_SDO_CLASS_RSA_PUBLIC;
sdo.sdo_ref = ref & ~IASECC_OBJECT_REF_LOCAL;
rv = iasecc_sdo_get_data(card, &sdo);
LOG_TEST_RET(ctx, rv, "failed to read public key: cannot get RSA SDO data");
LOG_TEST_GOTO_ERR(ctx, rv, "failed to read public key: cannot get RSA SDO data");
if (out)
*out = NULL;
@ -3420,13 +3421,13 @@ iasecc_read_public_key(struct sc_card *card, unsigned type,
bn[0].data = (unsigned char *) malloc(sdo.data.pub_key.n.size);
if (!bn[0].data)
LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "failed to read public key: cannot allocate modulus");
LOG_TEST_GOTO_ERR(ctx, SC_ERROR_OUT_OF_MEMORY, "failed to read public key: cannot allocate modulus");
bn[0].len = sdo.data.pub_key.n.size;
memcpy(bn[0].data, sdo.data.pub_key.n.value, sdo.data.pub_key.n.size);
bn[1].data = (unsigned char *) malloc(sdo.data.pub_key.e.size);
if (!bn[1].data)
LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "failed to read public key: cannot allocate exponent");
LOG_TEST_GOTO_ERR(ctx, SC_ERROR_OUT_OF_MEMORY, "failed to read public key: cannot allocate exponent");
bn[1].len = sdo.data.pub_key.e.size;
memcpy(bn[1].data, sdo.data.pub_key.e.value, sdo.data.pub_key.e.size);
@ -3434,11 +3435,12 @@ iasecc_read_public_key(struct sc_card *card, unsigned type,
rsa_key.exponent = bn[1];
rv = sc_pkcs15_encode_pubkey_rsa(ctx, &rsa_key, out, out_len);
LOG_TEST_RET(ctx, rv, "failed to read public key: cannot encode RSA public key");
LOG_TEST_GOTO_ERR(ctx, rv, "failed to read public key: cannot encode RSA public key");
if (out && out_len)
sc_log(ctx, "encoded public key: %s", sc_dump_hex(*out, *out_len));
err:
if (bn[0].data)
free(bn[0].data);
if (bn[1].data)

70
src/libopensc/iasecc-sdo.c
View File

@ -558,8 +558,10 @@ iasecc_parse_keyset(struct sc_card *card, unsigned char *data, size_t data_len,
if (tlv.tag == IASECC_SDO_KEYSET_TAG_COMPULSORY)
keyset->compulsory = tlv;
else
else {
free(tlv.value);
LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "parse error: non KeySet SDO tag");
}
offs += rv;
}
@ -668,43 +670,48 @@ iasecc_sdo_parse_data(struct sc_card *card, unsigned char *data, struct iasecc_s
sdo->docp.tries_remaining = tlv;
}
else if (tlv.tag == IASECC_SDO_CHV_TAG) {
if (sdo->sdo_class != IASECC_SDO_CLASS_CHV)
if (sdo->sdo_class != IASECC_SDO_CLASS_CHV) {
free(tlv.value);
LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "parse error: IASECC_SDO_CHV_TAG tag in non User CHV SDO");
}
rv = iasecc_parse_chv(card, tlv.value, tlv.size, &sdo->data.chv);
LOG_TEST_RET(ctx, rv, "parse error: cannot parse SDO CHV data");
free(tlv.value);
LOG_TEST_RET(ctx, rv, "parse error: cannot parse SDO CHV data");
}
else if (tlv.tag == IASECC_SDO_PUBKEY_TAG) {
if (sdo->sdo_class != IASECC_SDO_CLASS_RSA_PUBLIC)
if (sdo->sdo_class != IASECC_SDO_CLASS_RSA_PUBLIC) {
free(tlv.value);
LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "parse error: SDO_PUBLIC_KEY tag in non PUBLIC_KEY SDO");
}
rv = iasecc_parse_pubkey(card, tlv.value, tlv.size, &sdo->data.pub_key);
LOG_TEST_RET(ctx, rv, "parse error: cannot parse SDO PUBLIC KEY data");
free(tlv.value);
LOG_TEST_RET(ctx, rv, "parse error: cannot parse SDO PUBLIC KEY data");
}
else if (tlv.tag == IASECC_SDO_PRVKEY_TAG) {
if (sdo->sdo_class != IASECC_SDO_CLASS_RSA_PRIVATE)
if (sdo->sdo_class != IASECC_SDO_CLASS_RSA_PRIVATE) {
free(tlv.value);
LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "parse error: SDO_PRIVATE_KEY tag in non PRIVATE_KEY SDO");
}
rv = iasecc_parse_prvkey(card, tlv.value, tlv.size, &sdo->data.prv_key);
LOG_TEST_RET(ctx, rv, "parse error: cannot parse SDO PRIVATE KEY data");
free(tlv.value);
LOG_TEST_RET(ctx, rv, "parse error: cannot parse SDO PRIVATE KEY data");
}
else if (tlv.tag == IASECC_SDO_KEYSET_TAG) {
if (sdo->sdo_class != IASECC_SDO_CLASS_KEYSET)
if (sdo->sdo_class != IASECC_SDO_CLASS_KEYSET) {
free(tlv.value);
LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "parse error: SDO_KEYSET tag in non KEYSET SDO");
}
rv = iasecc_parse_keyset(card, tlv.value, tlv.size, &sdo->data.keyset);
LOG_TEST_RET(ctx, rv, "parse error: cannot parse SDO KEYSET data");
free(tlv.value);
LOG_TEST_RET(ctx, rv, "parse error: cannot parse SDO KEYSET data");
}
else {
sc_log(ctx, "iasecc_sdo_parse_data() non supported tag 0x%X", tlv.tag);
free(tlv.value);
LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED);
}
@ -878,7 +885,7 @@ static int
iasecc_encode_docp(struct sc_context *ctx, struct iasecc_sdo_docp *docp, unsigned char **out, size_t *out_len)
{
struct iasecc_extended_tlv tlv, tlv_st;
unsigned char *st_blob, *tmp_blob, *docp_blob;
unsigned char *st_blob = NULL, *tmp_blob = NULL, *docp_blob = NULL;
size_t blob_size;
int rv;
@ -889,63 +896,64 @@ iasecc_encode_docp(struct sc_context *ctx, struct iasecc_sdo_docp *docp, unsigne
memset(&tlv, 0, sizeof(tlv));
memset(&tlv_st, 0, sizeof(tlv_st));
st_blob = NULL;
blob_size = 0;
rv = iasecc_update_blob(ctx, &docp->acls_contact, &st_blob, &blob_size);
LOG_TEST_RET(ctx, rv, "ECC: cannot add contact ACLs to blob");
LOG_TEST_GOTO_ERR(ctx, rv, "ECC: cannot add contact ACLs to blob");
rv = iasecc_update_blob(ctx, &docp->acls_contactless, &st_blob, &blob_size);
LOG_TEST_RET(ctx, rv, "ECC: cannot add contactless ACLs to blob");
LOG_TEST_GOTO_ERR(ctx, rv, "ECC: cannot add contactless ACLs to blob");
tlv.tag = IASECC_DOCP_TAG_ACLS;
tlv.size = blob_size;
tlv.value = st_blob;
tmp_blob = NULL;
blob_size = 0;
rv = iasecc_update_blob(ctx, &tlv, &tmp_blob, &blob_size);
LOG_TEST_RET(ctx, rv, "ECC: cannot add ACLs template to blob");
LOG_TEST_GOTO_ERR(ctx, rv, "ECC: cannot add ACLs template to blob");
rv = iasecc_update_blob(ctx, &docp->name, &tmp_blob, &blob_size);
LOG_TEST_RET(ctx, rv, "ECC: cannot add NAME to blob");
LOG_TEST_GOTO_ERR(ctx, rv, "ECC: cannot add NAME to blob");
rv = iasecc_update_blob(ctx, &docp->tries_maximum, &tmp_blob, &blob_size);
LOG_TEST_RET(ctx, rv, "ECC: cannot add TRIES MAXIMUM to blob");
LOG_TEST_GOTO_ERR(ctx, rv, "ECC: cannot add TRIES MAXIMUM to blob");
rv = iasecc_update_blob(ctx, &docp->tries_remaining, &tmp_blob, &blob_size);
LOG_TEST_RET(ctx, rv, "ECC: cannot add TRIES REMAINING to blob");
LOG_TEST_GOTO_ERR(ctx, rv, "ECC: cannot add TRIES REMAINING to blob");
rv = iasecc_update_blob(ctx, &docp->usage_maximum, &tmp_blob, &blob_size);
LOG_TEST_RET(ctx, rv, "ECC: cannot add USAGE MAXIMUM to blob");
LOG_TEST_GOTO_ERR(ctx, rv, "ECC: cannot add USAGE MAXIMUM to blob");
rv = iasecc_update_blob(ctx, &docp->usage_remaining, &tmp_blob, &blob_size);
LOG_TEST_RET(ctx, rv, "ECC: cannot add USAGE REMAINING to blob");
LOG_TEST_GOTO_ERR(ctx, rv, "ECC: cannot add USAGE REMAINING to blob");
rv = iasecc_update_blob(ctx, &docp->non_repudiation, &tmp_blob, &blob_size);
LOG_TEST_RET(ctx, rv, "ECC: cannot add NON REPUDIATION to blob");
LOG_TEST_GOTO_ERR(ctx, rv, "ECC: cannot add NON REPUDIATION to blob");
rv = iasecc_update_blob(ctx, &docp->size, &tmp_blob, &blob_size);
LOG_TEST_RET(ctx, rv, "ECC: cannot add SIZE to blob");
LOG_TEST_GOTO_ERR(ctx, rv, "ECC: cannot add SIZE to blob");
rv = iasecc_update_blob(ctx, &docp->issuer_data, &tmp_blob, &blob_size);
LOG_TEST_RET(ctx, rv, "ECC: cannot add IDATA to blob");
LOG_TEST_GOTO_ERR(ctx, rv, "ECC: cannot add IDATA to blob");
tlv.tag = IASECC_DOCP_TAG;
tlv.size = blob_size;
tlv.value = tmp_blob;
docp_blob = NULL;
blob_size = 0;
rv = iasecc_update_blob(ctx, &tlv, &docp_blob, &blob_size);
LOG_TEST_RET(ctx, rv, "ECC: cannot add ACLs to blob");
free(tmp_blob);
LOG_TEST_GOTO_ERR(ctx, rv, "ECC: cannot add ACLs to blob");
if (out && out_len) {
*out = docp_blob;
*out_len = blob_size;
docp_blob = NULL;
}
err:
free(docp_blob);
free(tmp_blob);
free(st_blob);
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
}

9
src/libopensc/pkcs15-actalis.c
View File

@ -233,9 +233,11 @@ static int sc_pkcs15emu_actalis_init(sc_pkcs15_card_t * p15card)
sc_read_binary(card, 4, compCert, compLen, 0);
if (uncompress(cert, &len,
compCert, compLen) != Z_OK)
if (uncompress(cert, &len, compCert, compLen) != Z_OK) {
free(cert);
free(compCert);
return SC_ERROR_INTERNAL;
}
cpath.index = 0;
cpath.count = len;
@ -251,6 +253,9 @@ static int sc_pkcs15emu_actalis_init(sc_pkcs15_card_t * p15card)
j++;
cert_obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE;
sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info);
free(cert);
free(compCert);
}
}
#endif

3
src/pkcs11/framework-pkcs15.c
View File

@ -2348,9 +2348,10 @@ pkcs15_create_secret_key(struct sc_pkcs11_slot *slot, struct sc_profile *profile
break;
case CKA_VALUE:
if (attr->pValue) {
free(args.key.data);
args.key.data = calloc(1,attr->ulValueLen);
if (!args.key.data)
return CKR_HOST_MEMORY;
return CKR_HOST_MEMORY;
memcpy(args.key.data, attr->pValue, attr->ulValueLen);
args.key.data_len = attr->ulValueLen;
}

14
src/pkcs15init/pkcs15-oberthur-awp.c
View File

@ -1569,28 +1569,26 @@ awp_update_df_create_data(struct sc_pkcs15_card *p15card, struct sc_profile *pro
int rv;
LOG_FUNC_CALLED(ctx);
memset(&idata, 0, sizeof(idata));
der = obj->content;
path = ((struct sc_pkcs15_data_info *)obj->data)->path;
obj_id = (path.value[path.len-1] & 0xFF) + (path.value[path.len-2] & 0xFF) * 0x100;
rv = awp_new_file(p15card, profile, obj_type, obj_id & 0xFF, &info_file, &obj_file);
LOG_TEST_RET(ctx, rv, "COSM new file error");
LOG_TEST_GOTO_ERR(ctx, rv, "COSM new file error");
memset(&idata, 0, sizeof(idata));
sc_log(ctx,
"Data Der(%p,%"SC_FORMAT_LEN_SIZE_T"u)", der.value, der.len);
rv = awp_encode_data_info(p15card, obj, &idata);
LOG_TEST_RET(ctx, rv, "'Create Data' update DF failed: cannot encode info");
LOG_TEST_GOTO_ERR(ctx, rv, "'Create Data' update DF failed: cannot encode info");
rv = awp_set_data_info(p15card, profile, info_file, &idata);
LOG_TEST_RET(ctx, rv, "'Create Data' update DF failed: cannot set info");
LOG_TEST_GOTO_ERR(ctx, rv, "'Create Data' update DF failed: cannot set info");
rv = awp_update_object_list(p15card, profile, obj_type, obj_id & 0xFF);
LOG_TEST_RET(ctx, rv, "'Create Data' update DF failed: cannot update list");
LOG_TEST_GOTO_ERR(ctx, rv, "'Create Data' update DF failed: cannot update list");
err:
awp_free_data_info(&idata);
sc_file_free(info_file);
sc_file_free(obj_file);

8
src/scconf/parse.c
View File

@ -99,9 +99,7 @@ static scconf_item *scconf_item_add_internal(scconf_parser * parser, int type)
/* if item with same key already exists, use it */
item = scconf_item_find(parser);
if (item) {
if (parser->key) {
free(parser->key);
}
free(parser->key);
parser->key = NULL;
parser->current_item = item;
return item;
@ -147,8 +145,7 @@ scconf_item *scconf_item_add(scconf_context * config, scconf_block * block, scco
scconf_block_copy((const scconf_block *) data, &dst);
scconf_list_copy(dst->name, &parser.name);
}
scconf_item_add_internal(&parser, type);
if (parser.current_item) {
if (scconf_item_add_internal(&parser, type)) {
switch (parser.current_item->type) {
case SCCONF_ITEM_TYPE_COMMENT:
parser.current_item->value.comment = strdup((const char *) data);
@ -167,6 +164,7 @@ scconf_item *scconf_item_add(scconf_context * config, scconf_block * block, scco
} else {
/* FIXME is it an error if item is NULL? */
free(parser.key);
parser.key = NULL;
}
return parser.current_item;
}

51
src/tools/pkcs15-init.c
View File

@ -1092,6 +1092,7 @@ do_store_private_key(struct sc_profile *profile)
for (i = 0; i < ncerts && r >= 0; i++) {
struct sc_pkcs15init_certargs cargs;
char namebuf[SC_PKCS15_MAX_LABEL_SIZE-1];
int cargs_label_needs_free = 0;
if (i && opt_ignore_ca_certs)
break;
@ -1108,14 +1109,20 @@ do_store_private_key(struct sc_profile *profile)
cargs.label = cert_common_name(cert[i]);
if (!cargs.label)
cargs.label = X509_NAME_oneline(X509_get_subject_name(cert[i]), namebuf, sizeof(namebuf));
else
cargs_label_needs_free = 1;
/* Just the first certificate gets the same ID
* as the private key. All others get
* an ID of their own */
if (i == 0) {
cargs.id = args.id;
if (opt_cert_label != 0)
if (opt_cert_label != 0) {
if (cargs_label_needs_free)
free((char *) cargs.label);
cargs.label = opt_cert_label;
cargs_label_needs_free = 0;
}
} else {
if (is_cacert_already_present(&cargs)) {
printf("Certificate #%d already present, not stored.\n", i);
@ -1128,6 +1135,8 @@ do_store_private_key(struct sc_profile *profile)
r = sc_pkcs15init_store_certificate(g_p15card, profile, &cargs, NULL);
next_cert:
if (cargs_label_needs_free)
free((char *) cargs.label);
free(cargs.der_encoded.value);
}
@ -1242,18 +1251,23 @@ do_store_secret_key(struct sc_profile *profile)
}
r = do_read_data_object(opt_infile, &args.key.data, &args.key.data_len, (keybits+7) / 8);
if (r < 0)
if (r < 0) {
free(args.key.data);
return r;
}
args.algorithm = algorithm;
args.value_len = keybits;
args.access_flags |= SC_PKCS15_PRKEY_ACCESS_SENSITIVE;
r = sc_lock(g_p15card->card);
if (r < 0)
if (r < 0) {
free(args.key.data);
return r;
}
r = sc_pkcs15init_store_secret_key(g_p15card, profile, &args, NULL);
sc_unlock(g_p15card->card);
free(args.key.data);
return r;
}
@ -1455,8 +1469,7 @@ do_store_data_object(struct sc_profile *profile)
sc_unlock(g_p15card->card);
}
if (data)
free(data);
free(data);
return r;
}
@ -2485,17 +2498,17 @@ do_read_data_object(const char *name, u8 **out, size_t *outlen, size_t expected)
inf = fopen(name, "rb");
if (inf == NULL) {
fprintf(stderr, "Unable to open '%s' for reading.\n", name);
return -1;
return SC_ERROR_FILE_NOT_FOUND;
}
c = fread(*out, 1, filesize, inf);
fclose(inf);
if (c < 0) {
perror("read");
return -1;
return SC_ERROR_FILE_NOT_FOUND;
}
*outlen = filesize;
return 0;
return SC_SUCCESS;
}
static char *
@ -3161,25 +3174,25 @@ static int verify_pin(struct sc_pkcs15_card *p15card, char *auth_id_str)
pin = (char *) opt_pins[0];
}
else {
sc_ui_hints_t hints;
sc_ui_hints_t hints;
if (opt_use_pinpad)
if (opt_use_pinpad)
return SC_ERROR_OBJECT_NOT_FOUND;
if (pin_obj->label[0])
snprintf(pin_label, sizeof(pin_label), "User PIN [%.*s]",
(int) sizeof pin_obj->label, pin_obj->label);
(int) sizeof pin_obj->label, pin_obj->label);
else
snprintf(pin_label, sizeof(pin_label), "User PIN");
memset(&hints, 0, sizeof(hints));
hints.dialog_name = "pkcs15init.get_pin";
hints.prompt = "User PIN required";
hints.obj_label = pin_label;
hints.usage = SC_UI_USAGE_OTHER;
hints.card = g_card;
hints.p15card = p15card;
memset(&hints, 0, sizeof(hints));
hints.dialog_name = "pkcs15init.get_pin";
hints.prompt = "User PIN required";
hints.obj_label = pin_label;
hints.usage = SC_UI_USAGE_OTHER;
hints.card = g_card;
hints.p15card = p15card;
get_pin(&hints, &pin);
get_pin(&hints, &pin);
}
r = sc_pkcs15_verify_pin(p15card, pin_obj, (unsigned char *)pin, pin ? strlen((char *) pin) : 0);

8
src/tools/sc-hsm-tool.c
View File

@ -1110,7 +1110,13 @@ static int generate_pwd_shares(sc_card_t *card, char **pwd, int *pwdlen, int pas
// Allocate data buffer for the generated shares
shares = malloc(password_shares_total * sizeof(secret_share_t));
createShares(secret, password_shares_threshold, password_shares_total, prime, shares);
if (!shares || 0 > createShares(secret, password_shares_threshold, password_shares_total, prime, shares)) {
printf("Error generating Shares. Please try again.");
OPENSSL_cleanse(*pwd, *pwdlen);
free(*pwd);
free(shares);
return -1;
}
sp = shares;
for (i = 0; i < password_shares_total; i++) {