[pkg-opensc-commit] [opensc] 240/295: Fix missing error handling of memory allocation (#1020)
Eric Dorland
eric at moszumanska.debian.org
Sat Jun 24 21:11:36 UTC 2017
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository opensc.
commit 6bfb39454bcb51bec350037ca15b760c244a8fd9
Author: Frank Morgner <frankmorgner at gmail.com>
Date: Thu Apr 20 21:08:49 2017 +0200
Fix missing error handling of memory allocation (#1020)
* libopensc: handle allocation errors
* handle more faults during memory allocation
fixes several situations that cause segmentation fault
---
src/common/libpkcs11.c | 3 +
src/common/simclist.c | 130 ++++++++++++++++++++++++++++----------
src/libopensc/card-cac.c | 6 ++
src/libopensc/card-coolkey.c | 4 +-
src/libopensc/card-dnie.c | 5 +-
src/libopensc/card-entersafe.c | 7 +-
src/libopensc/card-gemsafeV1.c | 2 +-
src/libopensc/card-itacns.c | 4 +-
src/libopensc/card-npa.c | 4 ++
src/libopensc/card-oberthur.c | 35 ++++++----
src/libopensc/card-piv.c | 3 -
src/libopensc/card.c | 4 +-
src/libopensc/ctx.c | 8 ++-
src/libopensc/pkcs15-actalis.c | 5 ++
src/libopensc/pkcs15-cac.c | 4 ++
src/libopensc/pkcs15-coolkey.c | 2 +
src/libopensc/pkcs15-infocamere.c | 5 ++
src/libopensc/pkcs15-prkey.c | 4 ++
src/libopensc/pkcs15-pubkey.c | 2 +
src/libopensc/pkcs15.c | 4 ++
src/libopensc/reader-ctapi.c | 11 +++-
src/libopensc/reader-openct.c | 5 +-
src/minidriver/minidriver.c | 2 +
src/pkcs11/framework-pkcs15.c | 15 +++--
src/pkcs11/mechanism.c | 20 +++---
src/pkcs11/pkcs11-global.c | 9 ++-
src/pkcs11/slot.c | 8 ++-
src/pkcs15init/pkcs15-lib.c | 26 +++++---
src/scconf/parse.c | 12 ++--
src/scconf/scconf.c | 22 +++----
src/scconf/sclex.c | 12 +++-
src/tools/opensc-tool.c | 4 +-
src/tools/piv-tool.c | 7 ++
src/tools/pkcs11-tool.c | 4 +-
src/tools/pkcs15-tool.c | 2 +
src/tools/sc-hsm-tool.c | 20 ++++--
src/tools/westcos-tool.c | 3 +-
37 files changed, 299 insertions(+), 124 deletions(-)
diff --git a/src/common/libpkcs11.c b/src/common/libpkcs11.c
index 4ded938..e65fda7 100644
--- a/src/common/libpkcs11.c
+++ b/src/common/libpkcs11.c
@@ -50,6 +50,9 @@ C_LoadModule(const char *mspec, CK_FUNCTION_LIST_PTR_PTR funcs)
sc_pkcs11_module_t *mod;
CK_RV rv, (*c_get_function_list)(CK_FUNCTION_LIST_PTR_PTR);
mod = calloc(1, sizeof(*mod));
+ if (mod == NULL) {
+ return NULL;
+ }
mod->_magic = MAGIC;
if (mspec == NULL) {
diff --git a/src/common/simclist.c b/src/common/simclist.c
index 06f6575..c8e87cc 100644
--- a/src/common/simclist.c
+++ b/src/common/simclist.c
@@ -229,7 +229,11 @@ static simclist_inline long get_random() {
/* list initialization */
int list_init(list_t *simclist_restrict l) {
- if (l == NULL) return -1;
+ if (l == NULL) {
+ return -1;
+ }
+
+ memset(l, 0, sizeof *l);
seed_random();
@@ -238,6 +242,9 @@ int list_init(list_t *simclist_restrict l) {
/* head/tail sentinels and mid pointer */
l->head_sentinel = (struct list_entry_s *)malloc(sizeof(struct list_entry_s));
l->tail_sentinel = (struct list_entry_s *)malloc(sizeof(struct list_entry_s));
+ if (l->tail_sentinel == NULL || l->head_sentinel == NULL) {
+ return -1;
+ }
l->head_sentinel->next = l->tail_sentinel;
l->tail_sentinel->prev = l->head_sentinel;
l->head_sentinel->prev = l->tail_sentinel->next = l->mid = NULL;
@@ -249,14 +256,19 @@ int list_init(list_t *simclist_restrict l) {
l->iter_curentry = NULL;
/* free-list attributes */
- l->spareels = (struct list_entry_s **)malloc(SIMCLIST_MAX_SPARE_ELEMS * sizeof(struct list_entry_s *));
l->spareelsnum = 0;
+ l->spareels = (struct list_entry_s **)malloc(SIMCLIST_MAX_SPARE_ELEMS * sizeof(struct list_entry_s *));
+ if (l->spareels == NULL) {
+ return -1;
+ }
#ifdef SIMCLIST_WITH_THREADS
l->threadcount = 0;
#endif
- list_attributes_setdefaults(l);
+ if (0 != list_attributes_setdefaults(l)) {
+ return -1;
+ }
assert(list_repOk(l));
assert(list_attrOk(l));
@@ -402,6 +414,8 @@ static simclist_inline struct list_entry_s *list_findpos(const list_t *simclist_
float x;
int i;
+ if (l->head_sentinel == NULL || l->tail_sentinel == NULL) return NULL;
+
/* accept 1 slot overflow for fetching head and tail sentinels */
if (posstart < -1 || posstart > (int)l->numels) return NULL;
@@ -430,6 +444,9 @@ void *list_extract_at(list_t *simclist_restrict l, unsigned int pos) {
if (l->iter_active || pos >= l->numels) return NULL;
tmp = list_findpos(l, pos);
+ if (tmp == NULL) {
+ return NULL;
+ }
data = tmp->data;
tmp->data = NULL; /* save data from list_drop_elem() free() */
@@ -452,14 +469,18 @@ int list_insert_at(list_t *simclist_restrict l, const void *data, unsigned int p
l->spareelsnum--;
} else {
lent = (struct list_entry_s *)malloc(sizeof(struct list_entry_s));
- if (lent == NULL)
+ if (lent == NULL) {
return -1;
+ }
}
if (l->attrs.copy_data) {
/* make room for user' data (has to be copied) */
size_t datalen = l->attrs.meter(data);
lent->data = (struct list_entry_s *)malloc(datalen);
+ if (lent->data == NULL) {
+ return -1;
+ }
memcpy(lent->data, data, datalen);
} else {
lent->data = (void*)data;
@@ -467,6 +488,9 @@ int list_insert_at(list_t *simclist_restrict l, const void *data, unsigned int p
/* actually append element */
prec = list_findpos(l, pos-1);
+ if (prec == NULL) {
+ return -1;
+ }
succ = prec->next;
prec->next = lent;
@@ -533,6 +557,9 @@ int list_delete_range(list_t *simclist_restrict l, unsigned int posstart, unsign
if (l->iter_active || posend < posstart || posend >= l->numels) return -1;
tmp = list_findpos(l, posstart); /* first el to be deleted */
+ if (tmp == NULL) {
+ return -1;
+ }
lastvalid = tmp->prev; /* last valid element */
numdel = posend - posstart + 1;
@@ -591,34 +618,36 @@ int list_clear(list_t *simclist_restrict l) {
if (l->iter_active) return -1;
- if (l->attrs.copy_data) { /* also free user data */
- /* spare a loop conditional with two loops: spareing elems and freeing elems */
- for (s = l->head_sentinel->next; l->spareelsnum < SIMCLIST_MAX_SPARE_ELEMS && s != l->tail_sentinel; s = s->next) {
- /* move elements as spares as long as there is room */
- if (s->data != NULL) free(s->data);
- l->spareels[l->spareelsnum++] = s;
- }
- while (s != l->tail_sentinel) {
- /* free the remaining elems */
- if (s->data != NULL) free(s->data);
- s = s->next;
- free(s->prev);
- }
- l->head_sentinel->next = l->tail_sentinel;
- l->tail_sentinel->prev = l->head_sentinel;
- } else { /* only free element containers */
- /* spare a loop conditional with two loops: spareing elems and freeing elems */
- for (s = l->head_sentinel->next; l->spareelsnum < SIMCLIST_MAX_SPARE_ELEMS && s != l->tail_sentinel; s = s->next) {
- /* move elements as spares as long as there is room */
- l->spareels[l->spareelsnum++] = s;
- }
- while (s != l->tail_sentinel) {
- /* free the remaining elems */
- s = s->next;
- free(s->prev);
+ if (l->head_sentinel && l->tail_sentinel) {
+ if (l->attrs.copy_data) { /* also free user data */
+ /* spare a loop conditional with two loops: spareing elems and freeing elems */
+ for (s = l->head_sentinel->next; l->spareelsnum < SIMCLIST_MAX_SPARE_ELEMS && s != l->tail_sentinel; s = s->next) {
+ /* move elements as spares as long as there is room */
+ if (s->data != NULL) free(s->data);
+ l->spareels[l->spareelsnum++] = s;
+ }
+ while (s != l->tail_sentinel) {
+ /* free the remaining elems */
+ if (s->data != NULL) free(s->data);
+ s = s->next;
+ free(s->prev);
+ }
+ l->head_sentinel->next = l->tail_sentinel;
+ l->tail_sentinel->prev = l->head_sentinel;
+ } else { /* only free element containers */
+ /* spare a loop conditional with two loops: spareing elems and freeing elems */
+ for (s = l->head_sentinel->next; l->spareelsnum < SIMCLIST_MAX_SPARE_ELEMS && s != l->tail_sentinel; s = s->next) {
+ /* move elements as spares as long as there is room */
+ l->spareels[l->spareelsnum++] = s;
+ }
+ while (s != l->tail_sentinel) {
+ /* free the remaining elems */
+ s = s->next;
+ free(s->prev);
+ }
+ l->head_sentinel->next = l->tail_sentinel;
+ l->tail_sentinel->prev = l->head_sentinel;
}
- l->head_sentinel->next = l->tail_sentinel;
- l->tail_sentinel->prev = l->head_sentinel;
}
l->numels = 0;
l->mid = NULL;
@@ -640,6 +669,8 @@ int list_locate(const list_t *simclist_restrict l, const void *data) {
struct list_entry_s *el;
int pos = 0;
+ if (l->head_sentinel == NULL || l->tail_sentinel == NULL) return -1;
+
if (l->attrs.comparator != NULL) {
/* use comparator */
for (el = l->head_sentinel->next; el != l->tail_sentinel; el = el->next, pos++) {
@@ -661,6 +692,8 @@ void *list_seek(list_t *simclist_restrict l, const void *indicator) {
if (l->attrs.seeker == NULL) return NULL;
+ if (l->head_sentinel == NULL || l->tail_sentinel == NULL) return NULL;
+
for (iter = l->head_sentinel->next; iter != l->tail_sentinel; iter = iter->next) {
if (l->attrs.seeker(iter->data, indicator) != 0) return iter->data;
}
@@ -677,11 +710,15 @@ int list_concat(const list_t *l1, const list_t *l2, list_t *simclist_restrict de
unsigned int cnt;
int err;
-
if (l1 == NULL || l2 == NULL || dest == NULL || l1 == dest || l2 == dest)
return -1;
- list_init(dest);
+ if (l1->head_sentinel == NULL || l1->tail_sentinel == NULL
+ || l2->head_sentinel == NULL || l2->tail_sentinel == NULL) return -1;
+
+ if (0 != list_init(dest)) {
+ return -1;
+ }
dest->numels = l1->numels + l2->numels;
if (dest->numels == 0)
@@ -692,6 +729,9 @@ int list_concat(const list_t *l1, const list_t *l2, list_t *simclist_restrict de
el = dest->head_sentinel;
while (srcel != l1->tail_sentinel) {
el->next = (struct list_entry_s *)malloc(sizeof(struct list_entry_s));
+ if (el->next == NULL) {
+ return -1;
+ }
el->next->prev = el;
el = el->next;
el->data = srcel->data;
@@ -702,6 +742,9 @@ int list_concat(const list_t *l1, const list_t *l2, list_t *simclist_restrict de
srcel = l2->head_sentinel->next;
while (srcel != l2->tail_sentinel) {
el->next = (struct list_entry_s *)malloc(sizeof(struct list_entry_s));
+ if (el->next == NULL) {
+ return -1;
+ }
el->next->prev = el;
el = el->next;
el->data = srcel->data;
@@ -731,6 +774,9 @@ int list_sort(list_t *simclist_restrict l, int versus) {
if (l->numels <= 1)
return 0;
+
+ if (l->head_sentinel == NULL || l->tail_sentinel == NULL) return -1;
+
list_sort_quicksort(l, versus, 0, l->head_sentinel->next, l->numels-1, l->tail_sentinel->prev);
assert(list_repOk(l));
return 0;
@@ -869,6 +915,9 @@ static void list_sort_quicksort(list_t *simclist_restrict l, int versus,
/* prepare wrapped args, then start thread */
if (l->threadcount < SIMCLIST_MAXTHREADS-1) {
struct list_sort_wrappedparams *wp = (struct list_sort_wrappedparams *)malloc(sizeof(struct list_sort_wrappedparams));
+ if (wp == NULL) {
+ return -1;
+ }
l->threadcount++;
traised = 1;
wp->l = l;
@@ -899,6 +948,7 @@ static void list_sort_quicksort(list_t *simclist_restrict l, int versus,
int list_iterator_start(list_t *simclist_restrict l) {
if (l->iter_active) return 0;
+ if (l->head_sentinel == NULL) return -1;
l->iter_pos = 0;
l->iter_active = 1;
l->iter_curentry = l->head_sentinel->next;
@@ -1247,6 +1297,9 @@ int list_restore_filedescriptor(list_t *simclist_restrict l, int fd, size_t *sim
if (l->attrs.unserializer != NULL) {
/* use unserializer */
buf = malloc(header.elemlen);
+ if (buf == NULL) {
+ return -1;
+ }
for (cnt = 0; cnt < header.numels; cnt++) {
READ_ERRCHECK(fd, buf, header.elemlen);
list_append(l, l->attrs.unserializer(buf, & elsize));
@@ -1256,6 +1309,9 @@ int list_restore_filedescriptor(list_t *simclist_restrict l, int fd, size_t *sim
/* copy verbatim into memory */
for (cnt = 0; cnt < header.numels; cnt++) {
buf = malloc(header.elemlen);
+ if (buf == NULL) {
+ return -1;
+ }
READ_ERRCHECK(fd, buf, header.elemlen);
list_append(l, buf);
}
@@ -1269,6 +1325,9 @@ int list_restore_filedescriptor(list_t *simclist_restrict l, int fd, size_t *sim
for (cnt = 0; cnt < header.numels; cnt++) {
READ_ERRCHECK(fd, & elsize, sizeof(elsize));
buf = malloc((size_t)elsize);
+ if (buf == NULL) {
+ return -1;
+ }
READ_ERRCHECK(fd, buf, elsize);
totreadlen += elsize;
list_append(l, l->attrs.unserializer(buf, & elsize));
@@ -1279,6 +1338,9 @@ int list_restore_filedescriptor(list_t *simclist_restrict l, int fd, size_t *sim
for (cnt = 0; cnt < header.numels; cnt++) {
READ_ERRCHECK(fd, & elsize, sizeof(elsize));
buf = malloc(elsize);
+ if (buf == NULL) {
+ return -1;
+ }
READ_ERRCHECK(fd, buf, elsize);
totreadlen += elsize;
list_append(l, buf);
@@ -1368,7 +1430,7 @@ static int list_drop_elem(list_t *simclist_restrict l, struct list_entry_s *tmp,
if (l->attrs.copy_data && tmp->data != NULL)
free(tmp->data);
- if (l->spareelsnum < SIMCLIST_MAX_SPARE_ELEMS) {
+ if (l->spareels != NULL && l->spareelsnum < SIMCLIST_MAX_SPARE_ELEMS) {
l->spareels[l->spareelsnum++] = tmp;
} else {
free(tmp);
diff --git a/src/libopensc/card-cac.c b/src/libopensc/card-cac.c
index b4f5ca2..e1748bf 100644
--- a/src/libopensc/card-cac.c
+++ b/src/libopensc/card-cac.c
@@ -190,6 +190,8 @@ static cac_private_data_t *cac_new_private_data(void)
{
cac_private_data_t *priv;
priv = calloc(1, sizeof(cac_private_data_t));
+ if (!priv)
+ return NULL;
list_init(&priv->pki_list);
list_attributes_comparator(&priv->pki_list, cac_list_compare_path);
list_attributes_copy(&priv->pki_list, cac_list_meter, 1);
@@ -1453,6 +1455,8 @@ static int cac_find_and_initialize(sc_card_t *card, int initialize)
return r;
priv = cac_new_private_data();
+ if (!priv)
+ return SC_ERROR_OUT_OF_MEMORY;
r = cac_process_CCC(card, priv);
if (r == SC_SUCCESS) {
card->type = SC_CARD_TYPE_CAC_II;
@@ -1470,6 +1474,8 @@ static int cac_find_and_initialize(sc_card_t *card, int initialize)
if (!priv) {
priv = cac_new_private_data();
+ if (!priv)
+ return SC_ERROR_OUT_OF_MEMORY;
}
r = cac_populate_cac_1(card, index, priv);
if (r == SC_SUCCESS) {
diff --git a/src/libopensc/card-coolkey.c b/src/libopensc/card-coolkey.c
index 798e490..5d462a8 100644
--- a/src/libopensc/card-coolkey.c
+++ b/src/libopensc/card-coolkey.c
@@ -788,6 +788,8 @@ static coolkey_private_data_t *coolkey_new_private_data(void)
coolkey_private_data_t *priv;
/* allocate priv and zero all the fields */
priv = calloc(1, sizeof(coolkey_private_data_t));
+ if (!priv)
+ return NULL;
/* set other fields as appropriate */
priv->key_id = COOLKEY_INVALID_KEY;
list_init(&priv->objects_list);
@@ -2152,7 +2154,7 @@ static int coolkey_initialize(sc_card_t *card)
priv = coolkey_new_private_data();
if (priv == NULL) {
- r= SC_ERROR_OUT_OF_MEMORY;
+ r = SC_ERROR_OUT_OF_MEMORY;
goto cleanup;
}
r = coolkey_get_life_cycle(card, &life_cycle);
diff --git a/src/libopensc/card-dnie.c b/src/libopensc/card-dnie.c
index 204ffbd..284528a 100644
--- a/src/libopensc/card-dnie.c
+++ b/src/libopensc/card-dnie.c
@@ -422,9 +422,8 @@ static int dnie_get_environment(
/* look for sc block in opensc.conf */
ctx = card->ctx;
for (i = 0; ctx->conf_blocks[i]; i++) {
- blocks =
- scconf_find_blocks(ctx->conf, ctx->conf_blocks[i],
- "card_driver", "dnie");
+ blocks = scconf_find_blocks(ctx->conf, ctx->conf_blocks[i],
+ "card_driver", "dnie");
if (!blocks)
continue;
blk = blocks[0];
diff --git a/src/libopensc/card-entersafe.c b/src/libopensc/card-entersafe.c
index 65115ab..abc8008 100644
--- a/src/libopensc/card-entersafe.c
+++ b/src/libopensc/card-entersafe.c
@@ -387,8 +387,13 @@ static int entersafe_transmit_apdu(sc_card_t *card, sc_apdu_t *apdu,
{
mac_data_size=apdu->lc+4;
mac_data=malloc(mac_data_size);
+ if(!mac_data)
+ {
+ r = SC_ERROR_OUT_OF_MEMORY;
+ goto out;
+ }
r = entersafe_mac_apdu(card,apdu,key,keylen,mac_data,mac_data_size);
- if(r<0)
+ if(r < 0)
goto out;
}
diff --git a/src/libopensc/card-gemsafeV1.c b/src/libopensc/card-gemsafeV1.c
index 3ce7a5e..ff05629 100644
--- a/src/libopensc/card-gemsafeV1.c
+++ b/src/libopensc/card-gemsafeV1.c
@@ -99,7 +99,7 @@ static int get_conf_aid(sc_card_t *card, u8 *aid, size_t *len)
for (i = 0; ctx->conf_blocks[i] != NULL; i++) {
blocks = scconf_find_blocks(ctx->conf, ctx->conf_blocks[i],
"card", "gemsafeV1");
- if (blocks[0] != NULL)
+ if (blocks != NULL && blocks[0] != NULL)
conf_block = blocks[0];
free(blocks);
}
diff --git a/src/libopensc/card-itacns.c b/src/libopensc/card-itacns.c
index d73057e..f322f89 100644
--- a/src/libopensc/card-itacns.c
+++ b/src/libopensc/card-itacns.c
@@ -208,6 +208,8 @@ static int itacns_init(sc_card_t *card)
card->cla = 0x00;
card->drv_data = calloc(1, sizeof(itacns_drv_data_t));
+ if (!card->drv_data)
+ return SC_ERROR_OUT_OF_MEMORY;
/* Match ATR again to find the card data. */
itacns_match_card(card);
@@ -219,7 +221,7 @@ static int itacns_init(sc_card_t *card)
;
_sc_card_add_rsa_alg(card, 1024, flags, 0);
- return 0;
+ return SC_SUCCESS;
}
static int itacns_finish(struct sc_card *card)
diff --git a/src/libopensc/card-npa.c b/src/libopensc/card-npa.c
index c9067b1..2de14d2 100644
--- a/src/libopensc/card-npa.c
+++ b/src/libopensc/card-npa.c
@@ -371,6 +371,10 @@ static int npa_init(sc_card_t * card)
EAC_init();
#endif
card->drv_data = npa_drv_data_create();
+ if (!card->drv_data) {
+ r = SC_ERROR_OUT_OF_MEMORY;
+ goto err;
+ }
r = npa_load_options(card->ctx, card->drv_data);
if (r != SC_SUCCESS)
goto err;
diff --git a/src/libopensc/card-oberthur.c b/src/libopensc/card-oberthur.c
index 86c10e7..9842055 100644
--- a/src/libopensc/card-oberthur.c
+++ b/src/libopensc/card-oberthur.c
@@ -2122,6 +2122,10 @@ auth_read_binary(struct sc_card *card, unsigned int offset,
{
int rv;
char debug_buf[2048];
+ struct sc_pkcs15_bignum bn[2];
+ unsigned char *out = NULL;
+ bn[0].data = NULL;
+ bn[1].data = NULL;
LOG_FUNC_CALLED(card->ctx);
sc_log(card->ctx,
@@ -2136,9 +2140,8 @@ auth_read_binary(struct sc_card *card, unsigned int offset,
if (auth_current_ef->magic==SC_FILE_MAGIC &&
auth_current_ef->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC) {
int jj;
- unsigned char resp[256], *out = NULL;
+ unsigned char resp[256];
size_t resp_len, out_len;
- struct sc_pkcs15_bignum bn[2];
struct sc_pkcs15_pubkey_rsa key;
resp_len = sizeof(resp);
@@ -2150,14 +2153,22 @@ auth_read_binary(struct sc_card *card, unsigned int offset,
;
bn[0].data = calloc(1, rv - jj);
+ if (!bn[0].data) {
+ rv = SC_ERROR_OUT_OF_MEMORY;
+ goto err;
+ }
bn[0].len = rv - jj;
memcpy(bn[0].data, resp + jj, rv - jj);
rv = auth_read_component(card, SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC,
1, resp, resp_len);
- LOG_TEST_RET(card->ctx, rv, "Cannot read RSA public key component");
+ LOG_TEST_GOTO_ERR(card->ctx, rv, "Cannot read RSA public key component");
bn[1].data = calloc(1, rv);
+ if (!bn[1].data) {
+ rv = SC_ERROR_OUT_OF_MEMORY;
+ goto err;
+ }
bn[1].len = rv;
memcpy(bn[1].data, resp, rv);
@@ -2165,8 +2176,8 @@ auth_read_binary(struct sc_card *card, unsigned int offset,
key.modulus = bn[1];
if (sc_pkcs15_encode_pubkey_rsa(card->ctx, &key, &out, &out_len)) {
- LOG_TEST_RET(card->ctx, SC_ERROR_INVALID_ASN1_OBJECT,
- "cannot encode RSA public key");
+ rv = SC_ERROR_INVALID_ASN1_OBJECT;
+ LOG_TEST_GOTO_ERR(card->ctx, rv, "cannot encode RSA public key");
}
else {
rv = out_len - offset > count ? count : out_len - offset;
@@ -2179,18 +2190,16 @@ auth_read_binary(struct sc_card *card, unsigned int offset,
"write_publickey in %"SC_FORMAT_LEN_SIZE_T"u bytes :\n%s",
count, debug_buf);
}
-
- if (bn[0].data)
- free(bn[0].data);
- if (bn[1].data)
- free(bn[1].data);
- if (out)
- free(out);
}
- else {
+ else {
rv = iso_ops->read_binary(card, offset, buf, count, 0);
}
+err:
+ free(bn[0].data);
+ free(bn[1].data);
+ free(out);
+
LOG_FUNC_RETURN(card->ctx, rv);
}
diff --git a/src/libopensc/card-piv.c b/src/libopensc/card-piv.c
index 0f22d14..7df1f2e 100644
--- a/src/libopensc/card-piv.c
+++ b/src/libopensc/card-piv.c
@@ -579,9 +579,6 @@ static int piv_general_io(sc_card_t *card, int ins, int p1, int p2,
/* if using internal buffer, alloc new one */
if (rbuf == rbufinitbuf) {
*recvbuf = malloc(rbuflen);
- sc_log(card->ctx,
- "DEE got buffer %p len %"SC_FORMAT_LEN_SIZE_T"u",
- *recvbuf, rbuflen);
if (*recvbuf == NULL) {
r = SC_ERROR_OUT_OF_MEMORY;
goto err;
diff --git a/src/libopensc/card.c b/src/libopensc/card.c
index 46091aa..9a8b5f6 100644
--- a/src/libopensc/card.c
+++ b/src/libopensc/card.c
@@ -1414,12 +1414,12 @@ sc_card_sm_check(struct sc_card *card)
for (ii = 0; ctx->conf_blocks[ii]; ii++) {
scconf_block **blocks;
- blocks = scconf_find_blocks(ctx->conf, ctx->conf_blocks[ii], "secure_messaging", sm);
+ blocks = scconf_find_blocks(ctx->conf, ctx->conf_blocks[ii], "secure_messaging", sm);
if (blocks) {
sm_conf_block = blocks[0];
free(blocks);
}
- if (sm_conf_block != NULL)
+ if (sm_conf_block != NULL)
break;
}
diff --git a/src/libopensc/ctx.c b/src/libopensc/ctx.c
index 1e3d0db..e74619a 100644
--- a/src/libopensc/ctx.c
+++ b/src/libopensc/ctx.c
@@ -670,12 +670,12 @@ static void process_config_file(sc_context_t *ctx, struct _sc_ctx_options *opts)
return;
}
blocks = scconf_find_blocks(ctx->conf, NULL, "app", ctx->app_name);
- if (blocks[0])
+ if (blocks && blocks[0])
ctx->conf_blocks[count++] = blocks[0];
free(blocks);
if (strcmp(ctx->app_name, "default") != 0) {
blocks = scconf_find_blocks(ctx->conf, NULL, "app", "default");
- if (blocks[0])
+ if (blocks && blocks[0])
ctx->conf_blocks[count] = blocks[0];
free(blocks);
}
@@ -775,7 +775,9 @@ int sc_context_create(sc_context_t **ctx_out, const sc_context_param_t *parm)
ctx->flags = parm->flags;
set_defaults(ctx, &opts);
- list_init(&ctx->readers);
+ if (0 != list_init(&ctx->readers)) {
+ return SC_ERROR_OUT_OF_MEMORY;
+ }
list_attributes_seeker(&ctx->readers, reader_list_seeker);
/* set thread context and create mutex object (if specified) */
if (parm->thread_ctx != NULL)
diff --git a/src/libopensc/pkcs15-actalis.c b/src/libopensc/pkcs15-actalis.c
index f42cc03..2498392 100644
--- a/src/libopensc/pkcs15-actalis.c
+++ b/src/libopensc/pkcs15-actalis.c
@@ -225,6 +225,11 @@ static int sc_pkcs15emu_actalis_init(sc_pkcs15_card_t * p15card)
compCert = malloc(compLen * sizeof(unsigned char));
len = 3 * compLen; /*Approximation of the uncompressed size */
cert = malloc(len * sizeof(unsigned char));
+ if (!cert || !compCert) {
+ free(cert);
+ free(compCert);
+ return SC_ERROR_OUT_OF_MEMORY;
+ }
sc_read_binary(card, 4, compCert, compLen, 0);
diff --git a/src/libopensc/pkcs15-cac.c b/src/libopensc/pkcs15-cac.c
index 1fd2ecf..d82854d 100644
--- a/src/libopensc/pkcs15-cac.c
+++ b/src/libopensc/pkcs15-cac.c
@@ -373,6 +373,10 @@ static int sc_pkcs15emu_cac_init(sc_pkcs15_card_t *p15card)
cert_out->subject_len, &cn_oid, &cn_name, &cn_len);
if (r == SC_SUCCESS) {
token_name = malloc (cn_len+1);
+ if (!token_name) {
+ r = SC_ERROR_OUT_OF_MEMORY;
+ goto fail;
+ }
memcpy(token_name, cn_name, cn_len);
free(cn_name);
token_name[cn_len] = 0;
diff --git a/src/libopensc/pkcs15-coolkey.c b/src/libopensc/pkcs15-coolkey.c
index de4920b..5064a0f 100644
--- a/src/libopensc/pkcs15-coolkey.c
+++ b/src/libopensc/pkcs15-coolkey.c
@@ -380,6 +380,8 @@ coolkey_make_public_key(sc_card_t *card, sc_cardctl_coolkey_object_t *obj, CK_KE
int r;
key = calloc(1, sizeof(struct sc_pkcs15_pubkey));
+ if (!key)
+ return NULL;
switch (key_type) {
case CKK_RSA:
key->algorithm = SC_ALGORITHM_RSA;
diff --git a/src/libopensc/pkcs15-infocamere.c b/src/libopensc/pkcs15-infocamere.c
index 399bfd9..14c1887 100644
--- a/src/libopensc/pkcs15-infocamere.c
+++ b/src/libopensc/pkcs15-infocamere.c
@@ -519,6 +519,11 @@ static int loadCertificate(sc_pkcs15_card_t * p15card, int i,
compCert = malloc(compLen * sizeof(unsigned char));
len = 4 * compLen; /*Approximation of the uncompressed size */
cert = malloc(len * sizeof(unsigned char));
+ if (!cert || !compCert) {
+ free(cert);
+ free(compCert);
+ return SC_ERROR_OUT_OF_MEMORY;
+ }
sc_read_binary(card, 4, compCert, compLen, 0);
diff --git a/src/libopensc/pkcs15-prkey.c b/src/libopensc/pkcs15-prkey.c
index 2c775eb..d3eee98 100644
--- a/src/libopensc/pkcs15-prkey.c
+++ b/src/libopensc/pkcs15-prkey.c
@@ -619,6 +619,8 @@ sc_pkcs15_convert_bignum(sc_pkcs15_bignum_t *dst, const void *src)
return 0;
dst->len = BN_num_bytes(bn);
dst->data = malloc(dst->len);
+ if (!dst->data)
+ return 0;
BN_bn2bin(bn, dst->data);
return 1;
#else
@@ -722,6 +724,8 @@ sc_pkcs15_convert_prkey(struct sc_pkcs15_prkey *pkcs15_key, void *evp_key)
/* copy the public key */
dst->ecpointQ.value = malloc(buflen);
+ if (!dst->ecpointQ.value)
+ return SC_ERROR_OUT_OF_MEMORY;
memcpy(dst->ecpointQ.value, buf, buflen);
dst->ecpointQ.len = buflen;
diff --git a/src/libopensc/pkcs15-pubkey.c b/src/libopensc/pkcs15-pubkey.c
index 6aab12c..4035321 100644
--- a/src/libopensc/pkcs15-pubkey.c
+++ b/src/libopensc/pkcs15-pubkey.c
@@ -1095,6 +1095,8 @@ sc_pkcs15_dup_pubkey(struct sc_context *ctx, struct sc_pkcs15_pubkey *key, struc
rv = sc_asn1_encode_algorithm_id(ctx, &alg, &alglen,key->alg_id, 0);
if (rv == SC_SUCCESS) {
pubkey->alg_id = (struct sc_algorithm_id *)calloc(1, sizeof(struct sc_algorithm_id));
+ if (pubkey->alg_id == NULL)
+ LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
rv = sc_asn1_decode_algorithm_id(ctx, alg, alglen, pubkey->alg_id, 0);
free(alg);
}
diff --git a/src/libopensc/pkcs15.c b/src/libopensc/pkcs15.c
index e9317f9..7eabdd4 100644
--- a/src/libopensc/pkcs15.c
+++ b/src/libopensc/pkcs15.c
@@ -1153,6 +1153,10 @@ sc_pkcs15_bind_internal(struct sc_pkcs15_card *p15card, struct sc_aid *aid)
if (!p15card->tokeninfo->serial_number && card->serialnr.len) {
char *serial = calloc(1, card->serialnr.len*2 + 1);
size_t ii;
+ if (!serial) {
+ err = SC_ERROR_OUT_OF_MEMORY;
+ goto end;
+ }
for(ii=0;ii<card->serialnr.len;ii++)
sprintf(serial + ii*2, "%02X", *(card->serialnr.value + ii));
diff --git a/src/libopensc/reader-ctapi.c b/src/libopensc/reader-ctapi.c
index 0fc01db..3c1db60 100644
--- a/src/libopensc/reader-ctapi.c
+++ b/src/libopensc/reader-ctapi.c
@@ -190,7 +190,7 @@ static int ctapi_transmit(sc_reader_t *reader, sc_apdu_t *apdu)
int r;
rsize = rbuflen = apdu->resplen + 2;
- rbuf = malloc(rbuflen);
+ rbuf = malloc(rbuflen);
if (rbuf == NULL) {
r = SC_ERROR_OUT_OF_MEMORY;
goto out;
@@ -310,9 +310,14 @@ static struct ctapi_module * add_module(struct ctapi_global_private_data *gpriv,
const char *name, void *dlhandle)
{
int i;
+ struct ctapi_module *p;
i = gpriv->module_count;
- gpriv->modules = (struct ctapi_module *) realloc(gpriv->modules, sizeof(struct ctapi_module) * (i+1));
+ p = (struct ctapi_module *) realloc(gpriv->modules, sizeof(struct ctapi_module) * (i+1));
+ if (!p) {
+ return NULL;
+ }
+ gpriv->modules = p;
gpriv->modules[i].name = strdup(name);
gpriv->modules[i].dlhandle = dlhandle;
gpriv->modules[i].ctn_count = 0;
@@ -358,6 +363,8 @@ static int ctapi_load_module(sc_context_t *ctx,
goto symerr;
mod = add_module(gpriv, val, dlh);
+ if (!mod)
+ goto symerr;
for (; list != NULL; list = list->next) {
int port;
char namebuf[128];
diff --git a/src/libopensc/reader-openct.c b/src/libopensc/reader-openct.c
index 9e3bef6..7f586e9 100644
--- a/src/libopensc/reader-openct.c
+++ b/src/libopensc/reader-openct.c
@@ -115,9 +115,8 @@ openct_add_reader(sc_context_t *ctx, unsigned int num, ct_info_t *info)
int rc;
if (!(reader = calloc(1, sizeof(*reader)))
- || !(data = (calloc(1, sizeof(*data))))) {
- if (reader)
- free(reader);
+ || !(data = (calloc(1, sizeof(*data))))) {
+ free(reader);
return SC_ERROR_OUT_OF_MEMORY;
}
diff --git a/src/minidriver/minidriver.c b/src/minidriver/minidriver.c
index 8d7af5a..705b734 100644
--- a/src/minidriver/minidriver.c
+++ b/src/minidriver/minidriver.c
@@ -5694,6 +5694,8 @@ DWORD WINAPI CardAcquireContext(__inout PCARD_DATA pCardData, __in DWORD dwFlags
/* VENDOR SPECIFIC */
vs = pCardData->pvVendorSpecific = pCardData->pfnCspAlloc(sizeof(VENDOR_SPECIFIC));
+ if (!vs)
+ return SCARD_E_NO_MEMORY;
memset(vs, 0, sizeof(VENDOR_SPECIFIC));
logprintf(pCardData, 1, "==================================================================\n");
diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
index 3441b99..dba579a 100644
--- a/src/pkcs11/framework-pkcs15.c
+++ b/src/pkcs11/framework-pkcs15.c
@@ -968,6 +968,9 @@ pkcs15_init_slot(struct sc_pkcs15_card *p15card, struct sc_pkcs11_slot *slot,
slot->token_info.flags |= CKF_RNG;
slot->fw_data = fw_data = calloc(1, sizeof(*fw_data));
+ if (!fw_data) {
+ return;
+ }
fw_data->auth_obj = auth;
if (auth != NULL) {
@@ -2136,7 +2139,7 @@ pkcs15_create_secret_key(struct sc_pkcs11_slot *slot, struct sc_profile *profile
if (attr->pValue) {
args.data_value.value = calloc(1,attr->ulValueLen);
if (!args.data_value.value)
- return CKR_HOST_MEMORY;
+ return CKR_HOST_MEMORY;
memcpy(args.data_value.value, attr->pValue, attr->ulValueLen);
args.data_value.len = attr->ulValueLen;
}
@@ -2170,8 +2173,8 @@ pkcs15_create_secret_key(struct sc_pkcs11_slot *slot, struct sc_profile *profile
key_obj = calloc(1, sizeof(sc_pkcs15_object_t));
if (key_obj == NULL) {
- rv = CKR_HOST_MEMORY;
- goto out;
+ rv = CKR_HOST_MEMORY;
+ goto out;
}
key_obj->type = SC_PKCS15_TYPE_SKEY;
@@ -2181,9 +2184,9 @@ pkcs15_create_secret_key(struct sc_pkcs11_slot *slot, struct sc_profile *profile
key_obj->flags = 2; /* TODO not sure what these mean */
skey_info = calloc(1, sizeof(sc_pkcs15_skey_info_t));
- if (skey_info == NULL) {
- rv = CKR_HOST_MEMORY;
- goto out;
+ if (skey_info == NULL) {
+ rv = CKR_HOST_MEMORY;
+ goto out;
}
key_obj->data = skey_info;
skey_info->usage = args.usage;
diff --git a/src/pkcs11/mechanism.c b/src/pkcs11/mechanism.c
index 827857b..0ac4366 100644
--- a/src/pkcs11/mechanism.c
+++ b/src/pkcs11/mechanism.c
@@ -704,6 +704,10 @@ sc_pkcs11_verify_final(sc_pkcs11_operation_t *operation,
if (rv != CKR_OK)
return rv;
pubkey_value = calloc(1, attr.ulValueLen);
+ if (!pubkey_value) {
+ rv = CKR_HOST_MEMORY;
+ goto done;
+ }
attr.pValue = pubkey_value;
rv = key->ops->get_attribute(operation->session, key, &attr);
if (rv != CKR_OK)
@@ -841,19 +845,19 @@ sc_pkcs11_deri(struct sc_pkcs11_session *session,
ulDataLen = 0;
rv = operation->type->derive(operation, basekey,
- pMechanism->pParameter, pMechanism->ulParameterLen,
- NULL, &ulDataLen);
+ pMechanism->pParameter, pMechanism->ulParameterLen,
+ NULL, &ulDataLen);
if (rv != CKR_OK)
- goto out;
+ goto out;
if (ulDataLen > 0)
- keybuf = calloc(1,ulDataLen);
+ keybuf = calloc(1,ulDataLen);
else
- keybuf = calloc(1,8); /* pass in dummy buffer */
+ keybuf = calloc(1,8); /* pass in dummy buffer */
- if (!keybuf) {
- rv = CKR_HOST_MEMORY;
- goto out;
+ if (!keybuf) {
+ rv = CKR_HOST_MEMORY;
+ goto out;
}
/* Now do the actuall derivation */
diff --git a/src/pkcs11/pkcs11-global.c b/src/pkcs11/pkcs11-global.c
index 7a45531..5f04a7f 100644
--- a/src/pkcs11/pkcs11-global.c
+++ b/src/pkcs11/pkcs11-global.c
@@ -257,11 +257,18 @@ CK_RV C_Initialize(CK_VOID_PTR pInitArgs)
load_pkcs11_parameters(&sc_pkcs11_conf, context);
/* List of sessions */
- list_init(&sessions);
+ if (0 != list_init(&sessions)) {
+ rv = CKR_HOST_MEMORY;
+ goto out;
+ }
list_attributes_seeker(&sessions, session_list_seeker);
/* List of slots */
list_init(&virtual_slots);
+ if (0 != list_init(&virtual_slots)) {
+ rv = CKR_HOST_MEMORY;
+ goto out;
+ }
list_attributes_seeker(&virtual_slots, slot_list_seeker);
/* Create slots for readers found on initialization, only if in 2.11 mode */
diff --git a/src/pkcs11/slot.c b/src/pkcs11/slot.c
index 5b36851..0b6b208 100644
--- a/src/pkcs11/slot.c
+++ b/src/pkcs11/slot.c
@@ -95,10 +95,14 @@ CK_RV create_slot(sc_reader_t *reader)
return CKR_HOST_MEMORY;
list_append(&virtual_slots, slot);
- list_init(&slot->objects);
+ if (0 != list_init(&slot->objects)) {
+ return CKR_HOST_MEMORY;
+ }
list_attributes_seeker(&slot->objects, object_list_seeker);
- list_init(&slot->logins);
+ if (0 != list_init(&slot->logins)) {
+ return CKR_HOST_MEMORY;
+ }
} else {
/* reuse the old list of logins/objects since they should be empty */
list_t logins = slot->logins;
diff --git a/src/pkcs15init/pkcs15-lib.c b/src/pkcs15init/pkcs15-lib.c
index c11f8ae..a69e43b 100644
--- a/src/pkcs15init/pkcs15-lib.c
+++ b/src/pkcs15init/pkcs15-lib.c
@@ -203,6 +203,8 @@ get_profile_from_config(struct sc_card *card, char *buffer, size_t size)
blocks = scconf_find_blocks(ctx->conf, ctx->conf_blocks[i],
"card_driver",
card->driver->short_name);
+ if (!blocks)
+ continue;
blk = blocks[0];
free(blocks);
if (blk == NULL)
@@ -228,18 +230,22 @@ find_library(struct sc_context *ctx, const char *name)
for (i = 0; ctx->conf_blocks[i]; i++) {
blocks = scconf_find_blocks(ctx->conf, ctx->conf_blocks[i], "framework", "pkcs15");
- blk = blocks[0];
- free(blocks);
- if (blk == NULL)
- continue;
+ if (!blocks)
+ continue;
+ blk = blocks[0];
+ free(blocks);
+ if (blk == NULL)
+ continue;
blocks = scconf_find_blocks(ctx->conf, blk, "pkcs15init", name);
+ if (!blocks)
+ continue;
blk = blocks[0];
- free(blocks);
- if (blk == NULL)
- continue;
- libname = scconf_get_str(blk, "module", NULL);
- break;
- }
+ free(blocks);
+ if (blk == NULL)
+ continue;
+ libname = scconf_get_str(blk, "module", NULL);
+ break;
+ }
if (!libname) {
sc_log(ctx, "unable to locate pkcs15init driver for '%s'", name);
}
diff --git a/src/scconf/parse.c b/src/scconf/parse.c
index f0e585b..c8bf141 100644
--- a/src/scconf/parse.c
+++ b/src/scconf/parse.c
@@ -107,11 +107,10 @@ static scconf_item *scconf_item_add_internal(scconf_parser * parser, int type)
return item;
}
}
- item = malloc(sizeof(scconf_item));
+ item = calloc(1, sizeof(scconf_item));
if (!item) {
return NULL;
}
- memset(item, 0, sizeof(scconf_item));
item->type = type;
item->key = parser->key;
@@ -177,12 +176,14 @@ static void scconf_block_add_internal(scconf_parser * parser)
scconf_item *item;
item = scconf_item_add_internal(parser, SCCONF_ITEM_TYPE_BLOCK);
+ if (!item) {
+ return;
+ }
- block = malloc(sizeof(scconf_block));
+ block = calloc(1, sizeof(scconf_block));
if (!block) {
return;
}
- memset(block, 0, sizeof(scconf_block));
block->parent = parser->block;
item->value.block = block;
@@ -259,6 +260,9 @@ void scconf_parse_token(scconf_parser * parser, int token_type, const char *toke
/* fall through - treat empty lines as comments */
case TOKEN_TYPE_COMMENT:
item = scconf_item_add_internal(parser, SCCONF_ITEM_TYPE_COMMENT);
+ if (!item) {
+ return;
+ }
item->value.comment = token ? strdup(token) : NULL;
break;
case TOKEN_TYPE_STRING:
diff --git a/src/scconf/scconf.c b/src/scconf/scconf.c
index 678df3e..0849560 100644
--- a/src/scconf/scconf.c
+++ b/src/scconf/scconf.c
@@ -35,13 +35,12 @@ scconf_context *scconf_new(const char *filename)
{
scconf_context *config;
- config = malloc(sizeof(scconf_context));
+ config = calloc(1, sizeof(scconf_context));
if (!config) {
return NULL;
}
- memset(config, 0, sizeof(scconf_context));
config->filename = filename ? strdup(filename) : NULL;
- config->root = malloc(sizeof(scconf_block));
+ config->root = calloc(1, sizeof(scconf_block));
if (!config->root) {
if (config->filename) {
free(config->filename);
@@ -49,7 +48,6 @@ scconf_context *scconf_new(const char *filename)
free(config);
return NULL;
}
- memset(config->root, 0, sizeof(scconf_block));
return config;
}
@@ -107,6 +105,8 @@ scconf_block **scconf_find_blocks(const scconf_context * config, const scconf_bl
for (item = block->items; item; item = item->next) {
if (item->type == SCCONF_ITEM_TYPE_BLOCK &&
strcasecmp(item_name, item->key) == 0) {
+ if (!item->value.block)
+ continue;
if (key && strcasecmp(key, item->value.block->name->data)) {
continue;
}
@@ -207,21 +207,19 @@ scconf_item *scconf_item_copy(const scconf_item * src, scconf_item ** dst)
{
scconf_item *ptr, *_dst = NULL, *next = NULL;
- next = malloc(sizeof(scconf_item));
+ next = calloc(1, sizeof(scconf_item));
if (!next) {
return NULL;
}
- memset(next, 0, sizeof(scconf_item));
ptr = next;
_dst = next;
while (src) {
if (!next) {
- next = malloc(sizeof(scconf_item));
+ next = calloc(1, sizeof(scconf_item));
if (!next) {
scconf_item_destroy(ptr);
return NULL;
}
- memset(next, 0, sizeof(scconf_item));
_dst->next = next;
}
next->type = src->type;
@@ -281,7 +279,7 @@ scconf_block *scconf_block_copy(const scconf_block * src, scconf_block ** dst)
if (src) {
scconf_block *_dst = NULL;
- _dst = malloc(sizeof(scconf_block));
+ _dst = calloc(1, sizeof(scconf_block));
if (!_dst) {
return NULL;
}
@@ -311,11 +309,10 @@ scconf_list *scconf_list_add(scconf_list ** list, const char *value)
{
scconf_list *rec, **tmp;
- rec = malloc(sizeof(scconf_list));
+ rec = calloc(1, sizeof(scconf_list));
if (!rec) {
return NULL;
}
- memset(rec, 0, sizeof(scconf_list));
rec->data = value ? strdup(value) : NULL;
if (!*list) {
@@ -413,11 +410,10 @@ char *scconf_list_strdup(const scconf_list * list, const char *filler)
}
if (len == 0)
return NULL;
- buf = malloc(len);
+ buf = calloc(1, len);
if (!buf) {
return NULL;
}
- memset(buf, 0, len);
while (list && list->data) {
strcat(buf, list->data);
if (filler) {
diff --git a/src/scconf/sclex.c b/src/scconf/sclex.c
index c5a6758..44b1a47 100644
--- a/src/scconf/sclex.c
+++ b/src/scconf/sclex.c
@@ -45,17 +45,23 @@ static void buf_init(BUFHAN * bp, FILE * fp, const char *saved_string)
bp->fp = fp;
bp->saved_char = 0;
bp->buf = malloc(256);
- bp->bufmax = 256;
+ if (bp->buf) {
+ bp->bufmax = 256;
+ bp->buf[0] = '\0';
+ } else
+ bp->bufmax = 0;
bp->bufcur = 0;
- bp->buf[0] = '\0';
bp->saved_string = saved_string;
}
static void buf_addch(BUFHAN * bp, char ch)
{
if (bp->bufcur >= bp->bufmax) {
+ char *p = (char *) realloc(bp->buf, bp->bufmax + 256);
+ if (!p)
+ return;
bp->bufmax += 256;
- bp->buf = (char *) realloc(bp->buf, bp->bufmax);
+ bp->buf = p;
}
if (bp->buf) {
bp->buf[bp->bufcur++] = ch;
diff --git a/src/tools/opensc-tool.c b/src/tools/opensc-tool.c
index 4523edc..4d7efc7 100644
--- a/src/tools/opensc-tool.c
+++ b/src/tools/opensc-tool.c
@@ -167,7 +167,7 @@ static int opensc_get_conf_entry(const char *config)
key++;
blocks = scconf_find_blocks(ctx->conf, NULL, section, name);
- if (blocks[0])
+ if (blocks && blocks[0])
conf_block = blocks[0];
free(blocks);
if (conf_block != NULL) {
@@ -224,7 +224,7 @@ static int opensc_set_conf_entry(const char *config)
value++;
blocks = scconf_find_blocks(ctx->conf, NULL, section, name);
- if (blocks[0])
+ if (blocks && blocks[0])
conf_block = blocks[0];
free(blocks);
if (conf_block != NULL) {
diff --git a/src/tools/piv-tool.c b/src/tools/piv-tool.c
index 422004c..b272135 100644
--- a/src/tools/piv-tool.c
+++ b/src/tools/piv-tool.c
@@ -213,6 +213,9 @@ static int load_cert(const char * cert_id, const char * cert_file,
derlen = i2d_X509(cert, NULL);
der = malloc(derlen);
+ if (!der) {
+ goto err;
+ }
p = der;
i2d_X509(cert, &p);
}
@@ -485,6 +488,10 @@ int main(int argc, char * const argv[])
case 's':
opt_apdus = (char **) realloc(opt_apdus,
(opt_apdu_count + 1) * sizeof(char *));
+ if (!opt_apdus) {
+ err = 1;
+ goto end;
+ }
opt_apdus[opt_apdu_count] = optarg;
do_send_apdu++;
if (opt_apdu_count == 0)
diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
index 169ee8a..c43c447 100644
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
@@ -1054,7 +1054,7 @@ static void list_slots(int tokens, int refresh, int print)
p11_slots = calloc(p11_num_slots, sizeof(CK_SLOT_ID));
if (p11_slots == NULL) {
perror("calloc failed");
- return;
+ exit(1);
}
rv = p11->C_GetSlotList(tokens, p11_slots, &p11_num_slots);
@@ -4796,7 +4796,7 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session,
encrypted_len = EVP_PKEY_encrypt(encrypted, orig_data, sizeof(orig_data), pkey);
#endif
EVP_PKEY_free(pkey);
- if (encrypted_len <= 0) {
+ if (((int) encrypted_len) <= 0) {
fprintf(stderr, "Encryption failed, returning\n");
return 0;
}
diff --git a/src/tools/pkcs15-tool.c b/src/tools/pkcs15-tool.c
index 04e7618..9841035 100644
--- a/src/tools/pkcs15-tool.c
+++ b/src/tools/pkcs15-tool.c
@@ -888,6 +888,8 @@ static void print_ssh_key(FILE *outf, const char * alg, struct sc_pkcs15_object
int r;
uu = malloc(len*2); // Way over - even if we have extra LFs; as each 6 bits take one byte.
+ if (!uu)
+ return;
if (opt_rfc4716) {
r = sc_base64_encode(buf, len, uu, 2*len, 64);
diff --git a/src/tools/sc-hsm-tool.c b/src/tools/sc-hsm-tool.c
index 029d991..718a8f1 100644
--- a/src/tools/sc-hsm-tool.c
+++ b/src/tools/sc-hsm-tool.c
@@ -250,6 +250,9 @@ static int createShares(const BIGNUM *s, const unsigned char t, const unsigned c
unsigned long i;
secret_share_t *sp;
+ if (!polynomial)
+ return -1;
+
// Set the secret value as the constant part of the polynomial
pp = polynomial;
*pp = BN_new();
@@ -310,6 +313,9 @@ static int reconstructSecret(secret_share_t *shares, unsigned char t, const BIGN
secret_share_t *sp_j;
BN_CTX *ctx;
+ if (!bValue)
+ return -1;
+
// Initialize
pbValue = bValue;
for (i = 0; i < t; i++) {
@@ -656,15 +662,17 @@ static int recreate_password_from_shares(char **pwd, int *pwdlen, int num_of_pas
return -1;
}
+ // Allocate data buffer for the shares
+ shares = malloc(num_of_password_shares * sizeof(secret_share_t));
+ if (!shares)
+ return -1;
+
/*
* Initialize prime and secret
*/
prime = BN_new();
secret = BN_new();
- // Allocate data buffer for the shares
- shares = malloc(num_of_password_shares * sizeof(secret_share_t));
-
printf("\nDeciphering the DKEK for import into the SmartCard-HSM requires %i key custodians", num_of_password_shares);
printf("\nto present their share. Only the first key custodian needs to enter the public prime.");
printf("\nPlease remember to present the share id as well as the share value.");
@@ -733,14 +741,16 @@ static int recreate_password_from_shares(char **pwd, int *pwdlen, int num_of_pas
ip = (unsigned char *) inbuf;
*pwdlen = BN_bn2bin(secret, ip);
*pwd = calloc(1, *pwdlen);
- memcpy(*pwd, ip, *pwdlen);
+ if (*pwd) {
+ memcpy(*pwd, ip, *pwdlen);
+ }
cleanUpShares(shares, num_of_password_shares);
BN_clear_free(prime);
BN_clear_free(secret);
- return 0;
+ return *pwd ? 0 : -1;
}
diff --git a/src/tools/westcos-tool.c b/src/tools/westcos-tool.c
index ea71ba3..186bb66 100644
--- a/src/tools/westcos-tool.c
+++ b/src/tools/westcos-tool.c
@@ -106,7 +106,8 @@ static int do_convert_bignum(sc_pkcs15_bignum_t *dst, const BIGNUM *src)
if (src == 0) return 0;
dst->len = BN_num_bytes(src);
dst->data = malloc(dst->len);
- BN_bn2bin(src, dst->data);
+ if (!dst->data) return 0;
+ if (!BN_bn2bin(src, dst->data)) return 0;
return 1;
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/opensc.git
More information about the pkg-opensc-commit
mailing list