Commit Graph

7879 Commits

Author SHA1 Message Date
Jakub Jelen b79db82ae7 openpgp: Workaround non-compliant Yubikey 5 OpenPGP applets
Fixes #1850
2019-11-12 03:38:09 +01:00
Jakub Jelen 0977b5496a pkcs15-pubkey: Avoid memory leaks
Thanks oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18758
2019-11-11 22:02:53 +01:00
Jakub Jelen cc917b541f asn1: Avoid calling malloc with 0 argument
Caused problems reported by oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18758
2019-11-11 22:02:41 +01:00
Jakub Jelen cd51430ba7 asn1: Avoid malloc(0) also from BIT STRING and GENERALIZED TIME structures 2019-11-11 22:02:30 +01:00
Jakub Jelen e50bc29bd9 card-setcos.c: Avoid unsigned integer underflow
Thanks oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18798
2019-11-11 22:02:18 +01:00
Jakub Jelen c173563ad2 coolkey: Accept only SW=90 00 as success to prevent interpretting invalid values 2019-11-11 22:02:08 +01:00
Jakub Jelen ef3e223917 coolkey: Do not interpret empty answers as success
Thanks to oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18868
2019-11-11 22:01:56 +01:00
Peter Popovec e6a24b71ab MyEID: fix max_recv_size
MyEID 3.3.3 is not working with hardcoded max_recv_size=256 in
card-myeid.c. Use max_recv_size=255 if card major version < 40

Fixes #1852
2019-11-11 21:01:51 +01:00
Frank Morgner a8de0070fd fixed Null-dereference READ
https://oss-fuzz.com/testcase-detail/5644373382922240
Thanks to OSS-Fuzz
2019-11-06 23:38:37 +01:00
Frank Morgner 1a069ca71e fixed Global-buffer-overflow READ 1
https://oss-fuzz.com/testcase-detail/5685978287308800
Thanks to OSS-Fuzz
2019-11-06 23:08:43 +01:00
Frank Morgner 8fea658fe9 fixed 121888 Time of check time of use 2019-11-05 21:49:30 +01:00
Frank Morgner 3a5a90450e fixed 333715 Dereference after null check 2019-11-05 21:49:30 +01:00
Frank Morgner 7007b4a889 fixed 127766 Out-of-bounds read 2019-11-05 21:49:30 +01:00
Frank Morgner 8d7092c0cb 13598 Unchecked return value 2019-11-05 21:49:30 +01:00
Frank Morgner 192994fa13 fixed 13608 Unchecked return value 2019-11-05 21:49:30 +01:00
Frank Morgner 804cb68057 removed 339153 Logically dead code 2019-11-05 21:49:30 +01:00
Frank Morgner 8d3dfb2f6d ignore for 339158 Dereference before null check 2019-11-05 21:49:30 +01:00
Frank Morgner 07cff0e168 fixed 341844 Incorrect deallocator used 2019-11-05 21:49:30 +01:00
Frank Morgner 8b6ba40a8e fixed 341853 Resource leak 2019-11-05 21:49:30 +01:00
Frank Morgner fa35be5859 fixed 347857 Resource leak 2019-11-05 21:49:30 +01:00
Frank Morgner 2a2662fb3d fixed 348981 Resource leak 2019-11-05 21:49:30 +01:00
Frank Morgner 7a1e42e135 fixed compiler warning
fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18701
2019-11-05 10:58:32 +01:00
Frank Morgner c3f23b836e fixed UNKNOWN READ
Reported by OSS-Fuzz
https://oss-fuzz.com/testcase-detail/5681169970757632
2019-11-03 04:45:28 +01:00
Frank Morgner 6263afbe43 fixed memory leak
Reported by OSS-Fuzz
https://oss-fuzz.com/testcase-detail/5697134632632320
2019-11-03 04:38:09 +01:00
Jakub Jelen d3f60a657f pkcs15*: Fail if there is no fallback file_app 2019-11-01 15:53:40 +01:00
Jakub Jelen b75c002cfb cac1: Correctly handle the buffer limits
Found by oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18618
and others
2019-11-01 15:53:40 +01:00
pkubaj bfa8415ea3 Fix build on ARM, PPC
Those architectures use unsigned char by default, and command variable is later compared to -1.
2019-11-01 15:51:06 +01:00
Jakub Jelen fb15a7dd86 reader-pcsc: Handle yubikey reinsertion
When the application (NSS) does not use WaitForSlotEvent and just
opportunistically tries to detect card and reader removals with
C_GetSlotInfo() and C_GetSessionInfo(), we might get errors in
various plcaes, in the sc_lock() function, when we try to transfer
other messages or when we ask for the reader status.

This is generally too late to call any disconnect functions because no
PC/SC handles are valid anymore. The reader state from PCSC
is searched by name so we can be pretty sure it is very similar
reader (with same name as the old one) and I hope we can reuse the
reader structure and just call the pcsc_connect() on that as we do
with invalid handles.

Otherwise we detect this issue in the refresh_attributes() (called
from C_GetSlotInfo()), where we can report the slot change in the
expected manner.

Fixes #1822
2019-11-01 15:50:34 +01:00
Jakub Jelen 0ea11523a3 Improve logging of exit codes 2019-11-01 15:50:34 +01:00
Frank Morgner 3c87ffaa02 fuzzing: correctly consume fuzzing data 2019-11-01 15:49:10 +01:00
Arnout Engelen a3ee8cefc8 Generate consistent docbook id's 2019-11-01 14:23:40 +01:00
Jakub Jelen 424ebf8ed1 pkcs15: Avoid insane allocations
Thanks oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18592
2019-10-31 02:18:36 +01:00
Jakub Jelen 51363d3392 cac: Make sure we do not leak memory
Thanks oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18564
2019-10-31 02:18:20 +01:00
Jakub Jelen 829a73c941 card-npa: Remove dead code 2019-10-31 02:18:04 +01:00
Jakub Jelen 6c7b4bed37 pkcs15*: Avoid null dereference from fuzzers
Thanks oss-fuzz.

Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18591
2019-10-31 02:17:44 +01:00
Frank Morgner 49f59d9fc9 clean up already enumerated apps 2019-10-29 17:54:40 +01:00
Nuno Goncalves 3ac47fbea9 replace SC_FUNC_CALLED(...,1) with SC_FUNC_CALLED(..., SC_LOG_DEBUG_NORMAL) (close #1698)
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
2019-10-28 09:51:28 +01:00
Nuno Goncalves 60581ecc82 remove trailing whitespace
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
2019-10-28 09:51:28 +01:00
Frank Morgner 026b6ab43d fuzzing: validate PIN only if it's a PIN
https://oss-fuzz.com/testcase-detail/5693809152753664
2019-10-26 23:56:19 +02:00
Frank Morgner 3c286b3cb1 fixed Null-dereference READ
https://oss-fuzz.com/testcase-detail/5734505646391296

Thanks to OSS-Fuzz
2019-10-26 23:50:11 +02:00
Jakub Jelen 61cd7fcdb2 card-mcrd: Free the allocated structures on cleanup
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18416
2019-10-25 20:25:06 +02:00
Jakub Jelen 6522df7587 pkcs15: Avoid null dereference in fuzzers
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16617
2019-10-25 20:22:40 +02:00
Jakub Jelen 532b06d07e pkcs15: Avoid insane allocations
and use single max constant accross the code

https://oss-fuzz.com/testcase-detail/6314983763214336
2019-10-25 20:22:40 +02:00
Jakub Jelen f0310f7776 Add fuzzing status to the readme 2019-10-25 20:22:40 +02:00
Jakub Jelen 6810eb6cf1 fuzz_pkcs15_reader: Unbreak strict builds
The error was

fuzz_pkcs15_reader.c: In function ‘fuzz_get_chunk’:
fuzz_pkcs15_reader.c:66:19: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast]
   66 |     *chunk_size = (uint16_t) data->Data;
      |                   ^
cc1: all warnings being treated as errors
2019-10-25 20:22:40 +02:00
Jakub Jelen cc466eea94 asn1: Avoid undefined shifts by adding explicit cast
The error was:
asn1.c:681:23: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
	    #0 0x5e9b11 in decode_bit_field opensc/src/libopensc/asn1.c:681:23

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18487
2019-10-25 20:19:50 +02:00
Jakub Jelen 0d091c8e0c asn1: Avoid integer overflow
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18475
2019-10-23 13:50:52 +02:00
Jakub Jelen 6ce6152284 pkcs15-prkey: Simplify cleaning memory after failure
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18478
2019-10-23 13:50:52 +02:00
Jakub Jelen 19f4c7e428 card-mcrd.c: Avoid null dereference
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18477
2019-10-23 13:50:52 +02:00
Jakub Jelen 1be013d08e asn1: Fix undefined shift in OID parser
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16618
2019-10-22 09:42:18 +02:00