diff -up ./src/coolkey/object.cpp.p15-coverity ./src/coolkey/object.cpp --- ./src/coolkey/object.cpp.p15-coverity 2015-07-06 18:02:34.604191118 -0700 +++ ./src/coolkey/object.cpp 2015-07-06 19:06:04.432062377 -0700 @@ -1558,7 +1558,7 @@ unsigned long GetBits(const CKYByte *ent /* turn the flags into an int */ for (i=0; i < entrySize; i++) { CKYByte c = rev[entry[i]]; - bits = bits | (c << i*8); + bits = bits | (((unsigned long)c) << (i*8)); } return bits | bitFlag; } @@ -1585,8 +1585,8 @@ CKYStatus PK15ObjectPath::setObjectPath( if (entry == NULL) { return CKYINVALIDDATA; } tagSize = entry - current; current += entrySize + tagSize; + if (size < (entrySize + tagSize)) { return CKYINVALIDDATA; } size -= (entrySize +tagSize); - if (size < 0) { return CKYINVALIDDATA; } status = CKYBuffer_Replace(&path, 0, entry, entrySize); if (status != CKYSUCCESS) { return status; @@ -1598,8 +1598,8 @@ CKYStatus PK15ObjectPath::setObjectPath( if (entry == NULL) { return CKYINVALIDDATA; } tagSize = entry - current; current += entrySize + tagSize; + if (size < (entrySize + tagSize)) { return CKYINVALIDDATA; } size -= (entrySize +tagSize); - if (size < 0) { return CKYINVALIDDATA; } if (entrySize > 5) { return CKYINVALIDDATA; } for (index = 0, i=0; i < entrySize; i++) { index = (index << 8) + (unsigned int) entry[i]; @@ -1612,8 +1612,8 @@ CKYStatus PK15ObjectPath::setObjectPath( if (entry == NULL) { return CKYINVALIDDATA; } tagSize = entry - current; current += entrySize + tagSize; + if (size < (entrySize + tagSize)) { return CKYINVALIDDATA; } size -= (entrySize +tagSize); - if (size < 0) { return CKYINVALIDDATA; } if (entrySize > 5) { return CKYINVALIDDATA; } for (length = 0, i=0; i < entrySize; i++) { length = (length << 8) + (unsigned int) entry[i]; @@ -1741,8 +1741,8 @@ set_key_type: /* point current to the next section (cass attributes) */ tagSize = commonAttributes - current; current += commonSize + tagSize; + if (currentSize < (commonSize + tagSize)) { return CKYINVALIDDATA; } currentSize -= (commonSize +tagSize); - if (currentSize < 0) { return CKYINVALIDDATA; } /* get the CKA_LABEL */ if (commonAttributes[0] != ASN1_UTF8_STRING) { return CKYINVALIDDATA; } @@ -1835,8 +1835,8 @@ PK15Object::completeCertObject(const CKY /* point current to the next section (type attributes) */ tagSize = commonCertAttributes - current; current += commonSize + tagSize; + if (currentSize < (commonSize + tagSize)) { return CKYINVALIDDATA; } currentSize -= (commonSize +tagSize); - if (currentSize < 0) { return CKYINVALIDDATA; } /* get the id */ if (commonCertAttributes[0] != ASN1_OCTET_STRING) { return CKYINVALIDDATA; } @@ -1907,8 +1907,8 @@ PK15Object::completeAuthObject(const CKY if (commonAuthAttributes == NULL) { return CKYINVALIDDATA; } tagSize = commonAuthAttributes - current; current += commonSize + tagSize; + if (currentSize < (commonSize + tagSize)) { return CKYINVALIDDATA; } currentSize -= (commonSize + tagSize); - if (currentSize < 0) { return CKYINVALIDDATA; } if (commonAuthAttributes[0] != ASN1_OCTET_STRING) { return CKYINVALIDDATA; } @@ -1930,8 +1930,8 @@ PK15Object::completeAuthObject(const CKY if (commonAuthAttributes == NULL) { return CKYINVALIDDATA; } tagSize = commonAuthAttributes - current; current += commonSize + tagSize; - currentSize -= (commonSize +tagSize); - if (currentSize < 0) { return CKYINVALIDDATA; } + if (currentSize < (commonSize + tagSize)) { return CKYINVALIDDATA; } + currentSize -= (commonSize + tagSize); /* * parse the Pin Auth Attributes * pinFlags BIT_STRING @@ -2093,8 +2093,8 @@ PK15Object::completeKeyObject(const CKYB /* point current to the next section (sublcass attributes) */ tagSize = commonKeyAttributes - current; current += commonSize + tagSize; - currentSize -= (commonSize +tagSize); - if (currentSize < 0) { return CKYINVALIDDATA; } + if (currentSize < (commonSize + tagSize)) { return CKYINVALIDDATA; } + currentSize -= (commonSize + tagSize); /* get the id */ if (commonKeyAttributes[0] != ASN1_OCTET_STRING) { return CKYINVALIDDATA; } @@ -2263,8 +2263,8 @@ CKYStatus PK15Object::completePrivKeyObj /* point current to the next section (type attributes) */ tagSize = commonPrivKeyAttributes - current; current += commonSize + tagSize; + if (currentSize < (commonSize + tagSize)) { return CKYINVALIDDATA; } currentSize -= (commonSize +tagSize); - if (currentSize < 0) { return CKYINVALIDDATA; } /* subjectName */ if (commonPrivKeyAttributes[0] == ASN1_SEQUENCE) { @@ -2385,8 +2385,8 @@ PK15Object::completePubKeyObject(const C /* point current to the next section (type attributes) */ tagSize = commonPubKeyAttributes - current; current += commonSize + tagSize; - currentSize -= (commonSize +tagSize); - if (currentSize < 0) { return CKYINVALIDDATA; } + if (currentSize < (commonSize + tagSize)) { return CKYINVALIDDATA; } + currentSize -= (commonSize + tagSize); /* subjectName */ if (commonPubKeyAttributes[0] == ASN1_SEQUENCE) { @@ -2535,8 +2535,8 @@ PK15Object::completeRawPublicKey(const C if (entry == NULL) { return CKYINVALIDDATA; } tagSize = entry - current; current += entrySize + tagSize; + if (size < (entrySize + tagSize)) { return CKYINVALIDDATA; } size -= (entrySize +tagSize); - if (size < 0) { return CKYINVALIDDATA; } if ((entry[0] == 0) && (entrySize > 1)) { entry++; entrySize--; } @@ -2548,8 +2548,8 @@ PK15Object::completeRawPublicKey(const C if (entry == NULL) { return CKYINVALIDDATA; } tagSize = entry - current; current += entrySize + tagSize; - size -= (entrySize +tagSize); - if (size < 0) { return CKYINVALIDDATA; } + if (size < (entrySize + tagSize)) { return CKYINVALIDDATA; } + size -= (entrySize + tagSize); if ((entry[0] == 0) && (entrySize > 1)) { entry++; entrySize--; } @@ -2682,11 +2682,11 @@ DEREncodedTokenInfo::DEREncodedTokenInfo if (entry == NULL) return; tagSize = entry - current; current += tagSize + entrySize; + if (size < tagSize + entrySize) return; size -= tagSize + entrySize; if (entrySize < 1) { version = *entry; } - if (size < 0) return; /* get the serial number */ if (current[0] != ASN1_OCTET_STRING) { return ; } @@ -2729,6 +2729,8 @@ DEREncodedTokenInfo::DEREncodedTokenInfo } /* parsing flags */ +#ifdef notdef + /* we arn't using this right now, keep it for future reference */ if (current[0] == ASN1_BIT_STRING) { /* recordinfo parsing would go here */ unsigned long bits; @@ -2739,6 +2741,7 @@ DEREncodedTokenInfo::DEREncodedTokenInfo size -= tagSize + entrySize; bits = GetBits(entry, entrySize,8,2); } +#endif return; } diff -up ./src/coolkey/slot.cpp.p15-coverity ./src/coolkey/slot.cpp --- ./src/coolkey/slot.cpp.p15-coverity 2015-07-06 18:02:34.606191081 -0700 +++ ./src/coolkey/slot.cpp 2015-07-06 18:02:34.610191006 -0700 @@ -3714,7 +3714,6 @@ void Slot::attemptP15Login(CK_USER_TYPE user) { PinCache *pinCachePtr = userPinCache(user); - const CKYBuffer *path; if (user == CKU_USER) { loggedIn = false; @@ -3729,7 +3728,6 @@ Slot::attemptP15Login(CK_USER_TYPE user) "No PKCS #15 auth object for user %d\n", user); } - path = auth[user]->getObjectPath().getPath(); status = selectPath(auth[user]->getObjectPath().getPath(), &result); if( status == CKYSCARDERR ) { handleConnectionError(); diff -up ./src/libckyapplet/cky_applet.c.p15-coverity ./src/libckyapplet/cky_applet.c --- ./src/libckyapplet/cky_applet.c.p15-coverity 2015-07-06 18:02:34.606191081 -0700 +++ ./src/libckyapplet/cky_applet.c 2015-07-06 18:02:34.610191006 -0700 @@ -1361,6 +1361,9 @@ P15Applet_SignDecrypt(CKYCardConnection appendLength = length; } else { ret = CKYBuffer_Reserve(&tmp, length); + if (ret != CKYSUCCESS) { + goto done; + } } CKYBuffer_AppendBuffer(&tmp, data, offset, appendLength); pso.chain = 0; diff -up ./src/libckyapplet/cky_base.c.p15-coverity ./src/libckyapplet/cky_base.c --- ./src/libckyapplet/cky_base.c.p15-coverity 2015-07-06 18:02:34.607191062 -0700 +++ ./src/libckyapplet/cky_base.c 2015-07-06 18:02:34.610191006 -0700 @@ -736,7 +736,7 @@ CKYAPDU_SetShortReceiveLen(CKYAPDU *apdu CKYStatus ret; if (recvlen <= CKYAPDU_MAX_DATA_LEN) { - return APDU_SetReceiveLen(apdu, (CKYByte)(recvlen & 0xff)); + return CKYAPDU_SetReceiveLen(apdu, (CKYByte)(recvlen & 0xff)); } ret = CKYBuffer_Resize(&apdu->apduBuf, CKYAPDU_HEADER_LEN+2); if (ret != CKYSUCCESS) {