8b6ba40a8e
fixed 341853 Resource leak
2019-11-05 21:49:30 +01:00
fa35be5859
fixed 347857 Resource leak
2019-11-05 21:49:30 +01:00
2a2662fb3d
fixed 348981 Resource leak
2019-11-05 21:49:30 +01:00
7a1e42e135
fixed compiler warning
...
fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18701
2019-11-05 10:58:32 +01:00
c3f23b836e
fixed UNKNOWN READ
...
Reported by OSS-Fuzz
https://oss-fuzz.com/testcase-detail/5681169970757632
2019-11-03 04:45:28 +01:00
6263afbe43
fixed memory leak
...
Reported by OSS-Fuzz
https://oss-fuzz.com/testcase-detail/5697134632632320
2019-11-03 04:38:09 +01:00
d3f60a657f
pkcs15*: Fail if there is no fallback file_app
2019-11-01 15:53:40 +01:00
b75c002cfb
cac1: Correctly handle the buffer limits
...
Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18618
and others
2019-11-01 15:53:40 +01:00
bfa8415ea3
Fix build on ARM, PPC
...
Those architectures use unsigned char by default, and command variable is later compared to -1.
2019-11-01 15:51:06 +01:00
fb15a7dd86
reader-pcsc: Handle yubikey reinsertion
...
When the application (NSS) does not use WaitForSlotEvent and just
opportunistically tries to detect card and reader removals with
C_GetSlotInfo() and C_GetSessionInfo(), we might get errors in
various plcaes, in the sc_lock() function, when we try to transfer
other messages or when we ask for the reader status.
This is generally too late to call any disconnect functions because no
PC/SC handles are valid anymore. The reader state from PCSC
is searched by name so we can be pretty sure it is very similar
reader (with same name as the old one) and I hope we can reuse the
reader structure and just call the pcsc_connect() on that as we do
with invalid handles.
Otherwise we detect this issue in the refresh_attributes() (called
from C_GetSlotInfo()), where we can report the slot change in the
expected manner.
Fixes #1822
2019-11-01 15:50:34 +01:00
0ea11523a3
Improve logging of exit codes
2019-11-01 15:50:34 +01:00
3c87ffaa02
fuzzing: correctly consume fuzzing data
2019-11-01 15:49:10 +01:00
a3ee8cefc8
Generate consistent docbook id's
2019-11-01 14:23:40 +01:00
424ebf8ed1
pkcs15: Avoid insane allocations
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18592
2019-10-31 02:18:36 +01:00
51363d3392
cac: Make sure we do not leak memory
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18564
2019-10-31 02:18:20 +01:00
829a73c941
card-npa: Remove dead code
2019-10-31 02:18:04 +01:00
6c7b4bed37
pkcs15*: Avoid null dereference from fuzzers
...
Thanks oss-fuzz.
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18591
2019-10-31 02:17:44 +01:00
49f59d9fc9
clean up already enumerated apps
2019-10-29 17:54:40 +01:00
3ac47fbea9
replace SC_FUNC_CALLED(...,1) with SC_FUNC_CALLED(..., SC_LOG_DEBUG_NORMAL) ( close #1698 )
...
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
2019-10-28 09:51:28 +01:00
60581ecc82
remove trailing whitespace
...
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
2019-10-28 09:51:28 +01:00
026b6ab43d
fuzzing: validate PIN only if it's a PIN
...
https://oss-fuzz.com/testcase-detail/5693809152753664
2019-10-26 23:56:19 +02:00
3c286b3cb1
fixed Null-dereference READ
...
https://oss-fuzz.com/testcase-detail/5734505646391296
Thanks to OSS-Fuzz
2019-10-26 23:50:11 +02:00
61cd7fcdb2
card-mcrd: Free the allocated structures on cleanup
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18416
2019-10-25 20:25:06 +02:00
6522df7587
pkcs15: Avoid null dereference in fuzzers
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16617
2019-10-25 20:22:40 +02:00
532b06d07e
pkcs15: Avoid insane allocations
...
and use single max constant accross the code
https://oss-fuzz.com/testcase-detail/6314983763214336
2019-10-25 20:22:40 +02:00
f0310f7776
Add fuzzing status to the readme
2019-10-25 20:22:40 +02:00
6810eb6cf1
fuzz_pkcs15_reader: Unbreak strict builds
...
The error was
fuzz_pkcs15_reader.c: In function ‘fuzz_get_chunk’:
fuzz_pkcs15_reader.c:66:19: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast]
66 | *chunk_size = (uint16_t) data->Data;
| ^
cc1: all warnings being treated as errors
2019-10-25 20:22:40 +02:00
cc466eea94
asn1: Avoid undefined shifts by adding explicit cast
...
The error was:
asn1.c:681:23: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
#0 0x5e9b11 in decode_bit_field opensc/src/libopensc/asn1.c:681:23
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18487
2019-10-25 20:19:50 +02:00
0d091c8e0c
asn1: Avoid integer overflow
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18475
2019-10-23 13:50:52 +02:00
6ce6152284
pkcs15-prkey: Simplify cleaning memory after failure
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18478
2019-10-23 13:50:52 +02:00
19f4c7e428
card-mcrd.c: Avoid null dereference
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18477
2019-10-23 13:50:52 +02:00
1be013d08e
asn1: Fix undefined shift in OID parser
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16618
2019-10-22 09:42:18 +02:00
630d6adf32
pkcs15-prkey: Avoid memory leak
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16625
2019-10-22 09:41:14 +02:00
62049ea18c
Avoid memory leaks from file selection
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17106
2019-10-22 09:38:30 +02:00
6ef0ac6e67
asn1: Correctly parse negative integers
...
The negative integers were parsed uterly wrong, resulting in undefined
shift overflows as reported by oss-fuzz.
The current implementation takes negated values (properly masked) and
calculates two's complement in the end, which results in correct values
and correct data handling.
https://oss-fuzz.com/testcase-detail/5125815506829312
2019-10-22 09:33:46 +02:00
ff893d2224
pkcs15: Remove unused code
2019-10-22 09:22:59 +02:00
5e9e5b232c
card-piv: Fix indentation
2019-10-22 09:17:24 +02:00
459e4ecc37
piv: Avoid insane allocations in fuzzer
2019-10-22 09:17:12 +02:00
544d576b00
asn1: Do not pass null argument to memcpy
...
Reported by clang analyzer:
src/libopensc/asn1.c:1080:2: note: Null pointer passed as an argument to a 'nonnull' parameter
memcpy(p, data, datalen);
2019-10-22 09:15:49 +02:00
889d598bcd
asn1: Initialize values to avoid comparison with garbage
...
Reported by clang analyzer:
src/libopensc/asn1.c:2115:14: warning: The right operand of '<' is a garbage value [clang-analyzer-core.UndefinedBinaryOperatorResult]
if (halflen < r_len || halflen < s_len) {
2019-10-22 09:15:36 +02:00
01678e871e
CI: retry pushing 10 times to nightly
2019-10-18 14:31:09 +02:00
8ded1ae94b
travis: include pkgs to later assamble with opensctoken
2019-10-17 23:30:39 +02:00
2017626ed2
integrate OpenSCToken
2019-10-17 23:30:17 +02:00
f4ac617c19
Remove unused card type
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-10-16 13:16:56 +02:00
3a1bd36e20
Use onepin-opensc-pkcs11.so for Chromium ( #1828 )
...
* pkcs11-register: Fixed detection of already registered OpenSC
Anny configuration of onepin-opensc-pkcs11.so and opensc-pkcs11.so
should be enough to skip registering the default module again.
* Use onepin module for generic NSS DB
fixes https://github.com/OpenSC/OpenSC/issues/1818
May have the disadvantage that some other programs that use NSS don't
see the signature keys. However, we currently only know for sure that
Chromium is using the generic NSS DB.
2019-10-16 13:16:22 +02:00
eac516fd41
dir: Avoid insane allocations
...
Resolves:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17449
2019-10-03 13:57:09 +02:00
5490d73f31
card: Avoid integer overflows
...
Resolves:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17007
2019-10-03 13:57:09 +02:00
34bd879400
openpgp: Properly free the allocated file structure
...
Resolves:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16879
2019-10-03 13:57:09 +02:00
79cb753921
cac: Free the certificate data on failure
...
Resolves:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16819
2019-10-03 13:57:09 +02:00
d6435b0af4
pkcs15-din-66291: Fix indentation
2019-10-03 13:57:09 +02:00
Frank Morgner
Jakub Jelen
pkubaj
Arnout Engelen
Nuno Goncalves
Raul Metsma