|
 |
0c9295 |
From 15163e6212aaf6b2dd5d7b432e5b13ca39496110 Mon Sep 17 00:00:00 2001
|
|
|
0c9295 |
From: Jakub Jelen <jjelen@redhat.com>
|
|
|
0c9295 |
Date: Tue, 28 Feb 2017 16:12:31 +0100
|
|
|
0c9295 |
Subject: [PATCH 1/3] Coverity fixes for:
|
|
|
0c9295 |
|
|
|
0c9295 |
card-cac.c
|
|
|
0c9295 |
* CLANG_WARNING: The left operand of '<' is a garbage value
|
|
|
0c9295 |
card-coolkey.c
|
|
|
0c9295 |
* CLANG_WARNING: overwriting variable
|
|
|
0c9295 |
* CPPCHECK_WARNING: memory leak / overwrite variable
|
|
|
0c9295 |
* CLANG_WARNING: null pointer dereference
|
|
|
0c9295 |
* UNUSED_VALUE: unused return value
|
|
|
0c9295 |
card-gids.c
|
|
|
0c9295 |
* CLANG_WARNING: Branch condition evaluates to a garbage value
|
|
|
0c9295 |
* SIZEOF_MISMATCH: suspicious_sizeof
|
|
|
0c9295 |
card-myeid.c
|
|
|
0c9295 |
* RESOURCE_LEAK: Variable "buf" going out of scope leaks the storage it points to.
|
|
|
0c9295 |
* CLANG_WARNING: overwriting variable
|
|
|
0c9295 |
* (rewrite not to confuse coverity)
|
|
|
0c9295 |
pkcs15-cac.c
|
|
|
0c9295 |
* RESOURCE_LEAK: Variable "cert_out" going out of scope leaks the storage it points to.
|
|
|
0c9295 |
pkcs15-coolkey.c
|
|
|
0c9295 |
* UNUSED_VALUE: unused return value
|
|
|
0c9295 |
pkcs15-piv.c
|
|
|
0c9295 |
* RESOURCE_LEAK: Variable "cert_out" going out of scope leaks the storage it points to.
|
|
|
0c9295 |
pkcs15-sc-hsm.c
|
|
|
0c9295 |
* DEADCODE
|
|
|
0c9295 |
pkcs11/framework-pkcs15.c
|
|
|
0c9295 |
* RESOURCE_LEAK: Variable "p15_cert" going out of scope leaks the storage it points to.
|
|
|
0c9295 |
pkcs15init/pkcs15-lib.c
|
|
|
0c9295 |
* CLANG_WARNING: Assigned value is garbage or undefined
|
|
|
0c9295 |
pkcs15init/pkcs15-myeid.c
|
|
|
0c9295 |
* UNREACHABLE: Probably wrong placement of code block
|
|
|
0c9295 |
tests/p15dump.c
|
|
|
0c9295 |
* IDENTICAL_BRANCHES
|
|
|
0c9295 |
pkcs15-init.c
|
|
|
0c9295 |
* CLANG_WARNING: Potential leak of memory pointed to by 'args.der_encoded.value'
|
|
|
0c9295 |
pkcs15-tool.c
|
|
|
0c9295 |
* RESOURCE_LEAK: Variable "cert" going out of scope leaks the storage it points to.
|
|
|
0c9295 |
* MISSING_BREAK: The above case falls through to this one.
|
|
|
0c9295 |
sc-hsm-tool.c
|
|
|
0c9295 |
* CLANG_WARNING: Potential leak of memory pointed to by 'sp'
|
|
|
0c9295 |
westcos-tool.c
|
|
|
0c9295 |
* FORWARD_NULL: Passing null pointer "pin" to "unlock_pin", which dereferences it.
|
|
|
0c9295 |
* (rewrite not to confuse coverity)
|
|
|
0c9295 |
---
|
|
|
0c9295 |
src/libopensc/card-cac.c | 2 +-
|
|
|
0c9295 |
src/libopensc/card-coolkey.c | 7 +++++--
|
|
|
0c9295 |
src/libopensc/card-entersafe.c | 2 +-
|
|
|
0c9295 |
src/libopensc/card-gids.c | 7 ++++++-
|
|
|
0c9295 |
src/libopensc/card-myeid.c | 20 ++++++++++++--------
|
|
|
0c9295 |
src/libopensc/iso7816.c | 1 +
|
|
|
0c9295 |
src/libopensc/pkcs15-cac.c | 5 ++++-
|
|
|
0c9295 |
src/libopensc/pkcs15-coolkey.c | 2 ++
|
|
|
0c9295 |
src/libopensc/pkcs15-piv.c | 3 ++-
|
|
|
0c9295 |
src/libopensc/pkcs15-sc-hsm.c | 6 ++----
|
|
|
0c9295 |
src/pkcs11/framework-pkcs15.c | 7 ++++++-
|
|
|
0c9295 |
src/pkcs15init/pkcs15-lib.c | 2 +-
|
|
|
0c9295 |
src/pkcs15init/pkcs15-myeid.c | 4 ++--
|
|
|
0c9295 |
src/tests/p15dump.c | 3 +--
|
|
|
0c9295 |
src/tools/pkcs15-init.c | 4 +++-
|
|
|
0c9295 |
src/tools/pkcs15-tool.c | 11 ++++++++---
|
|
|
0c9295 |
src/tools/sc-hsm-tool.c | 2 ++
|
|
|
0c9295 |
src/tools/westcos-tool.c | 6 +++---
|
|
|
0c9295 |
18 files changed, 62 insertions(+), 32 deletions(-)
|
|
|
0c9295 |
|
|
|
0c9295 |
diff --git a/src/libopensc/card-cac.c b/src/libopensc/card-cac.c
|
|
|
0c9295 |
index d5f8585..788fb52 100644
|
|
|
0c9295 |
--- a/src/libopensc/card-cac.c
|
|
|
0c9295 |
+++ b/src/libopensc/card-cac.c
|
|
|
0c9295 |
@@ -467,7 +467,7 @@ static int cac_cac1_get_certificate(sc_card_t *card, u8 **out_buf, size_t *out_l
|
|
|
0c9295 |
size_t left = 0;
|
|
|
0c9295 |
size_t len, next_len;
|
|
|
0c9295 |
sc_apdu_t apdu;
|
|
|
0c9295 |
- int r;
|
|
|
0c9295 |
+ int r = SC_SUCCESS;
|
|
|
0c9295 |
|
|
|
0c9295 |
|
|
|
0c9295 |
/* get the size */
|
|
|
0c9295 |
diff --git a/src/libopensc/card-coolkey.c b/src/libopensc/card-coolkey.c
|
|
|
0c9295 |
index c44febe..7672028 100644
|
|
|
0c9295 |
--- a/src/libopensc/card-coolkey.c
|
|
|
0c9295 |
+++ b/src/libopensc/card-coolkey.c
|
|
|
0c9295 |
@@ -1369,7 +1369,7 @@ coolkey_fill_object(sc_card_t *card, sc_cardctl_coolkey_object_t *obj)
|
|
|
0c9295 |
{
|
|
|
0c9295 |
int r;
|
|
|
0c9295 |
size_t buf_len = obj->length;
|
|
|
0c9295 |
- u8 *new_obj_data = malloc(buf_len);
|
|
|
0c9295 |
+ u8 *new_obj_data = NULL;
|
|
|
0c9295 |
sc_cardctl_coolkey_object_t *obj_entry;
|
|
|
0c9295 |
coolkey_private_data_t * priv = COOLKEY_DATA(card);
|
|
|
0c9295 |
|
|
|
0c9295 |
@@ -1413,7 +1413,7 @@ coolkey_find_attribute(sc_card_t *card, sc_cardctl_coolkey_attribute_t *attribut
|
|
|
0c9295 |
const u8 *obj = attribute->object->data;
|
|
|
0c9295 |
const u8 *attr = NULL;
|
|
|
0c9295 |
size_t buf_len = attribute->object->length;
|
|
|
0c9295 |
- coolkey_object_header_t *object_head = (coolkey_object_header_t *)obj;
|
|
|
0c9295 |
+ coolkey_object_header_t *object_head;
|
|
|
0c9295 |
int attribute_count,i;
|
|
|
0c9295 |
attribute->attribute_data_type = SC_CARDCTL_COOLKEY_ATTR_TYPE_STRING;
|
|
|
0c9295 |
attribute->attribute_length = 0;
|
|
|
0c9295 |
@@ -1434,6 +1434,7 @@ coolkey_find_attribute(sc_card_t *card, sc_cardctl_coolkey_attribute_t *attribut
|
|
|
0c9295 |
if (buf_len <= sizeof(coolkey_v0_object_header_t)) {
|
|
|
0c9295 |
return SC_ERROR_CORRUPTED_DATA;
|
|
|
0c9295 |
}
|
|
|
0c9295 |
+ object_head = (coolkey_object_header_t *)obj;
|
|
|
0c9295 |
object_record_type = object_head->record_type;
|
|
|
0c9295 |
/* make sure it's a type we recognize */
|
|
|
0c9295 |
if ((object_record_type != COOLKEY_V1_OBJECT) && (object_record_type != COOLKEY_V0_OBJECT)) {
|
|
|
0c9295 |
@@ -2183,6 +2184,8 @@ static int coolkey_initialize(sc_card_t *card)
|
|
|
0c9295 |
continue;
|
|
|
0c9295 |
}
|
|
|
0c9295 |
r = coolkey_add_object(priv, object_id, NULL, object_len, 0);
|
|
|
0c9295 |
+ if (r != SC_SUCCESS)
|
|
|
0c9295 |
+ sc_log(card->ctx, "coolkey_add_object() returned %d", r);
|
|
|
0c9295 |
|
|
|
0c9295 |
}
|
|
|
0c9295 |
if (r != SC_ERROR_FILE_END_REACHED) {
|
|
|
0c9295 |
diff --git a/src/libopensc/card-entersafe.c b/src/libopensc/card-entersafe.c
|
|
|
0c9295 |
index 6e18252..1fe4102 100644
|
|
|
0c9295 |
--- a/src/libopensc/card-entersafe.c
|
|
|
0c9295 |
+++ b/src/libopensc/card-entersafe.c
|
|
|
0c9295 |
@@ -487,7 +487,7 @@ static int entersafe_select_fid(sc_card_t *card,
|
|
|
0c9295 |
sc_file_t **file_out)
|
|
|
0c9295 |
{
|
|
|
0c9295 |
int r;
|
|
|
0c9295 |
- sc_file_t *file=0;
|
|
|
0c9295 |
+ sc_file_t *file = NULL;
|
|
|
0c9295 |
sc_path_t path;
|
|
|
0c9295 |
|
|
|
0c9295 |
memset(&path, 0, sizeof(sc_path_t));
|
|
|
0c9295 |
diff --git a/src/libopensc/card-gids.c b/src/libopensc/card-gids.c
|
|
|
0c9295 |
index 51db9af..4db09f5 100644
|
|
|
0c9295 |
--- a/src/libopensc/card-gids.c
|
|
|
0c9295 |
+++ b/src/libopensc/card-gids.c
|
|
|
0c9295 |
@@ -668,6 +668,7 @@ static int gids_get_crypto_identifier_from_key_ref(sc_card_t *card, const unsign
|
|
|
0c9295 |
if (index >= recordsnum) {
|
|
|
0c9295 |
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS);
|
|
|
0c9295 |
}
|
|
|
0c9295 |
+ *cryptoidentifier = 0x00; /* initialize to zero */
|
|
|
0c9295 |
if (records[index].wKeyExchangeKeySizeBits == 1024 || records[index].wSigKeySizeBits == 1024) {
|
|
|
0c9295 |
*cryptoidentifier = GIDS_RSA_1024_IDENTIFIER;
|
|
|
0c9295 |
return SC_SUCCESS;
|
|
|
0c9295 |
@@ -878,12 +879,16 @@ static int gids_read_public_key (struct sc_card *card , unsigned int algorithm,
|
|
|
0c9295 |
if (keydata != NULL) {
|
|
|
0c9295 |
rsa_key.modulus.data = (u8*) keydata;
|
|
|
0c9295 |
rsa_key.modulus.len = len;
|
|
|
0c9295 |
+ } else {
|
|
|
0c9295 |
+ rsa_key.modulus.len = 0;
|
|
|
0c9295 |
}
|
|
|
0c9295 |
|
|
|
0c9295 |
keydata = sc_asn1_find_tag(card->ctx, keytemplate, tlen, GIDS_PUBKEY_TAG_EXPONENT, &len;;
|
|
|
0c9295 |
if (keydata != NULL) {
|
|
|
0c9295 |
rsa_key.exponent.data = (u8*) keydata;
|
|
|
0c9295 |
rsa_key.exponent.len = len;
|
|
|
0c9295 |
+ } else {
|
|
|
0c9295 |
+ rsa_key.exponent.len = 0;
|
|
|
0c9295 |
}
|
|
|
0c9295 |
|
|
|
0c9295 |
if (rsa_key.exponent.len && rsa_key.modulus.len) {
|
|
|
0c9295 |
@@ -1453,7 +1458,7 @@ static int gids_import_key(sc_card_t *card, sc_pkcs15_object_t *object, sc_pkcs1
|
|
|
0c9295 |
SC_TEST_GOTO_ERR(card->ctx, SC_LOG_DEBUG_NORMAL, r, "unable to put the private key - key greater than 2048 bits ?");
|
|
|
0c9295 |
r = SC_SUCCESS;
|
|
|
0c9295 |
err:
|
|
|
0c9295 |
- sc_mem_clear(buffer, sizeof(buffer));
|
|
|
0c9295 |
+ sc_mem_clear(buffer, buflen);
|
|
|
0c9295 |
LOG_FUNC_RETURN(card->ctx, r);
|
|
|
0c9295 |
}
|
|
|
0c9295 |
|
|
|
0c9295 |
diff --git a/src/libopensc/card-myeid.c b/src/libopensc/card-myeid.c
|
|
|
0c9295 |
index 0e75486..65c108f 100644
|
|
|
0c9295 |
--- a/src/libopensc/card-myeid.c
|
|
|
0c9295 |
+++ b/src/libopensc/card-myeid.c
|
|
|
0c9295 |
@@ -846,20 +846,24 @@ myeid_convert_ec_signature(struct sc_context *ctx, size_t s_len, unsigned char *
|
|
|
0c9295 |
if (sig_len != (datalen - len_size - 1)) /* validate size of the DER structure */
|
|
|
0c9295 |
return SC_ERROR_INVALID_DATA;
|
|
|
0c9295 |
|
|
|
0c9295 |
- buf = calloc(1, (s_len + 7)/8*2);
|
|
|
0c9295 |
+ /* test&fail early */
|
|
|
0c9295 |
+ buflen = (s_len + 7)/8*2;
|
|
|
0c9295 |
+ if (buflen > datalen)
|
|
|
0c9295 |
+ LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);
|
|
|
0c9295 |
+
|
|
|
0c9295 |
+ buf = calloc(1, buflen);
|
|
|
0c9295 |
if (!buf)
|
|
|
0c9295 |
LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
|
|
|
0c9295 |
- buflen = (s_len + 7)/8*2;
|
|
|
0c9295 |
|
|
|
0c9295 |
r = sc_asn1_sig_value_sequence_to_rs(ctx, data, datalen, buf, buflen);
|
|
|
0c9295 |
- if (r < 0)
|
|
|
0c9295 |
+ if (r < 0) {
|
|
|
0c9295 |
free(buf);
|
|
|
0c9295 |
- LOG_TEST_RET(ctx, r, "Failed to cenvert Sig-Value to the raw RS format");
|
|
|
0c9295 |
-
|
|
|
0c9295 |
- if (buflen > datalen)
|
|
|
0c9295 |
- LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);
|
|
|
0c9295 |
+ sc_log(ctx, "Failed to convert Sig-Value to the raw RS format");
|
|
|
0c9295 |
+ return r;
|
|
|
0c9295 |
+ }
|
|
|
0c9295 |
|
|
|
0c9295 |
memmove(data, buf, buflen);
|
|
|
0c9295 |
+ free(buf);
|
|
|
0c9295 |
return buflen;
|
|
|
0c9295 |
}
|
|
|
0c9295 |
|
|
|
0c9295 |
@@ -868,7 +872,7 @@ static int
|
|
|
0c9295 |
myeid_compute_signature(struct sc_card *card, const u8 * data, size_t datalen,
|
|
|
0c9295 |
u8 * out, size_t outlen)
|
|
|
0c9295 |
{
|
|
|
0c9295 |
- struct sc_context *ctx = card->ctx;
|
|
|
0c9295 |
+ struct sc_context *ctx;
|
|
|
0c9295 |
struct sc_apdu apdu;
|
|
|
0c9295 |
u8 rbuf[SC_MAX_APDU_BUFFER_SIZE];
|
|
|
0c9295 |
u8 sbuf[SC_MAX_APDU_BUFFER_SIZE];
|
|
|
0c9295 |
diff --git a/src/libopensc/iso7816.c b/src/libopensc/iso7816.c
|
|
|
0c9295 |
index 296cf69..2539d1c 100644
|
|
|
0c9295 |
--- a/src/libopensc/iso7816.c
|
|
|
0c9295 |
+++ b/src/libopensc/iso7816.c
|
|
|
0c9295 |
@@ -392,6 +392,7 @@ iso7816_process_fci(struct sc_card *card, struct sc_file *file,
|
|
|
0c9295 |
sc_log(ctx, " type: %s", type);
|
|
|
0c9295 |
sc_log(ctx, " EF structure: %d", byte & 0x07);
|
|
|
0c9295 |
sc_log(ctx, " tag 0x82: 0x%02x", byte);
|
|
|
0c9295 |
+ /* FIXME: check return value? */
|
|
|
0c9295 |
sc_file_set_type_attr(file, &byte, 1);
|
|
|
0c9295 |
}
|
|
|
0c9295 |
}
|
|
|
0c9295 |
diff --git a/src/libopensc/pkcs15-cac.c b/src/libopensc/pkcs15-cac.c
|
|
|
0c9295 |
index 4894fe4..e0fa50b 100644
|
|
|
0c9295 |
--- a/src/libopensc/pkcs15-cac.c
|
|
|
0c9295 |
+++ b/src/libopensc/pkcs15-cac.c
|
|
|
0c9295 |
@@ -292,7 +292,7 @@ static int sc_pkcs15emu_cac_init(sc_pkcs15_card_t *p15card)
|
|
|
0c9295 |
struct sc_pkcs15_object pubkey_obj;
|
|
|
0c9295 |
struct sc_pkcs15_object prkey_obj;
|
|
|
0c9295 |
sc_pkcs15_der_t cert_der;
|
|
|
0c9295 |
- sc_pkcs15_cert_t *cert_out;
|
|
|
0c9295 |
+ sc_pkcs15_cert_t *cert_out = NULL;
|
|
|
0c9295 |
|
|
|
0c9295 |
r = (card->ops->card_ctl)(card, SC_CARDCTL_CAC_GET_NEXT_CERT_OBJECT, &obj_info);
|
|
|
0c9295 |
|
|
|
0c9295 |
@@ -352,12 +352,14 @@ static int sc_pkcs15emu_cac_init(sc_pkcs15_card_t *p15card)
|
|
|
0c9295 |
r = sc_pkcs15_read_certificate(p15card, &cert_info, &cert_out);
|
|
|
0c9295 |
if (r < 0 || cert_out->key == NULL) {
|
|
|
0c9295 |
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Failed to read/parse the certificate r=%d",r);
|
|
|
0c9295 |
+ sc_pkcs15_free_certificate(cert_out);
|
|
|
0c9295 |
continue;
|
|
|
0c9295 |
}
|
|
|
0c9295 |
|
|
|
0c9295 |
r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info);
|
|
|
0c9295 |
if (r < 0) {
|
|
|
0c9295 |
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, " Failed to add cert obj r=%d",r);
|
|
|
0c9295 |
+ sc_pkcs15_free_certificate(cert_out);
|
|
|
0c9295 |
continue;
|
|
|
0c9295 |
}
|
|
|
0c9295 |
/* set the token name to the name of the CN of the first certificate */
|
|
|
0c9295 |
@@ -393,6 +395,7 @@ static int sc_pkcs15emu_cac_init(sc_pkcs15_card_t *p15card)
|
|
|
0c9295 |
usage, pubkey_info.usage, prkey_info.usage);
|
|
|
0c9295 |
if (cert_out->key->algorithm != SC_ALGORITHM_RSA) {
|
|
|
0c9295 |
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"unsupported key.algorithm %d", cert_out->key->algorithm);
|
|
|
0c9295 |
+ sc_pkcs15_free_certificate(cert_out);
|
|
|
0c9295 |
continue;
|
|
|
0c9295 |
} else {
|
|
|
0c9295 |
pubkey_info.modulus_length = cert_out->key->u.rsa.modulus.len * 8;
|
|
|
0c9295 |
diff --git a/src/libopensc/pkcs15-coolkey.c b/src/libopensc/pkcs15-coolkey.c
|
|
|
0c9295 |
index 487be19..de4920b 100644
|
|
|
0c9295 |
--- a/src/libopensc/pkcs15-coolkey.c
|
|
|
0c9295 |
+++ b/src/libopensc/pkcs15-coolkey.c
|
|
|
0c9295 |
@@ -667,6 +667,8 @@ static int sc_pkcs15emu_coolkey_init(sc_pkcs15_card_t *p15card)
|
|
|
0c9295 |
}
|
|
|
0c9295 |
|
|
|
0c9295 |
r = sc_pkcs15emu_object_add(p15card, obj_type, &obj_obj, obj_info);
|
|
|
0c9295 |
+ if (r != SC_SUCCESS)
|
|
|
0c9295 |
+ sc_log(card->ctx, "sc_pkcs15emu_object_add() returned %d", r);
|
|
|
0c9295 |
fail:
|
|
|
0c9295 |
if (key) { sc_pkcs15_free_pubkey(key); }
|
|
|
0c9295 |
|
|
|
0c9295 |
diff --git a/src/libopensc/pkcs15-piv.c b/src/libopensc/pkcs15-piv.c
|
|
|
0c9295 |
index bf72df0..5bd0fdf 100644
|
|
|
0c9295 |
--- a/src/libopensc/pkcs15-piv.c
|
|
|
0c9295 |
+++ b/src/libopensc/pkcs15-piv.c
|
|
|
0c9295 |
@@ -710,7 +710,7 @@ static int sc_pkcs15emu_piv_init(sc_pkcs15_card_t *p15card)
|
|
|
0c9295 |
struct sc_pkcs15_cert_info cert_info;
|
|
|
0c9295 |
struct sc_pkcs15_object cert_obj;
|
|
|
0c9295 |
sc_pkcs15_der_t cert_der;
|
|
|
0c9295 |
- sc_pkcs15_cert_t *cert_out;
|
|
|
0c9295 |
+ sc_pkcs15_cert_t *cert_out = NULL;
|
|
|
0c9295 |
|
|
|
0c9295 |
ckis[i].cert_found = 0;
|
|
|
0c9295 |
ckis[i].key_alg = -1;
|
|
|
0c9295 |
@@ -761,6 +761,7 @@ static int sc_pkcs15emu_piv_init(sc_pkcs15_card_t *p15card)
|
|
|
0c9295 |
r = sc_pkcs15_read_certificate(p15card, &cert_info, &cert_out);
|
|
|
0c9295 |
if (r < 0 || cert_out->key == NULL) {
|
|
|
0c9295 |
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Failed to read/parse the certificate r=%d",r);
|
|
|
0c9295 |
+ sc_pkcs15_free_certificate(cert_out);
|
|
|
0c9295 |
continue;
|
|
|
0c9295 |
}
|
|
|
0c9295 |
/*
|
|
|
0c9295 |
diff --git a/src/libopensc/pkcs15-sc-hsm.c b/src/libopensc/pkcs15-sc-hsm.c
|
|
|
0c9295 |
index 938ea9d..3f6b6e4 100644
|
|
|
0c9295 |
--- a/src/libopensc/pkcs15-sc-hsm.c
|
|
|
0c9295 |
+++ b/src/libopensc/pkcs15-sc-hsm.c
|
|
|
0c9295 |
@@ -460,6 +460,7 @@ static int sc_pkcs15emu_sc_hsm_get_ec_public_key(struct sc_context *ctx, sc_cvc_
|
|
|
0c9295 |
memcpy(pubkey->u.ec.params.der.value, ecp->der.value, ecp->der.len);
|
|
|
0c9295 |
pubkey->u.ec.params.der.len = ecp->der.len;
|
|
|
0c9295 |
|
|
|
0c9295 |
+ /* FIXME: check return value? */
|
|
|
0c9295 |
sc_pkcs15_fix_ec_parameters(ctx, &pubkey->u.ec.params);
|
|
|
0c9295 |
|
|
|
0c9295 |
return SC_SUCCESS;
|
|
|
0c9295 |
@@ -627,11 +628,8 @@ static int sc_pkcs15emu_sc_hsm_add_prkd(sc_pkcs15_card_t * p15card, u8 keyid) {
|
|
|
0c9295 |
|
|
|
0c9295 |
len = sizeof efbin;
|
|
|
0c9295 |
r = read_file(p15card, fid, efbin, &len;;
|
|
|
0c9295 |
- LOG_TEST_RET(card->ctx, r, "Could not read EF");
|
|
|
0c9295 |
|
|
|
0c9295 |
- if (r < 0) {
|
|
|
0c9295 |
- return SC_SUCCESS;
|
|
|
0c9295 |
- }
|
|
|
0c9295 |
+ LOG_TEST_RET(card->ctx, r, "Could not read EF");
|
|
|
0c9295 |
|
|
|
0c9295 |
if (efbin[0] == 0x67) { /* Decode CSR and create public key object */
|
|
|
0c9295 |
sc_pkcs15emu_sc_hsm_add_pubkey(p15card, efbin, len, key_info, prkd.label);
|
|
|
0c9295 |
diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
|
|
|
0c9295 |
index 0c89d47..732e1e5 100644
|
|
|
0c9295 |
--- a/src/pkcs11/framework-pkcs15.c
|
|
|
0c9295 |
+++ b/src/pkcs11/framework-pkcs15.c
|
|
|
0c9295 |
@@ -571,8 +571,11 @@ __pkcs15_create_cert_object(struct pkcs15_fw_data *fw_data, struct sc_pkcs15_obj
|
|
|
0c9295 |
/* Certificate object */
|
|
|
0c9295 |
rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &object,
|
|
|
0c9295 |
cert, &pkcs15_cert_ops, sizeof(struct pkcs15_cert_object));
|
|
|
0c9295 |
- if (rv < 0)
|
|
|
0c9295 |
+ if (rv < 0) {
|
|
|
0c9295 |
+ if (p15_cert != NULL)
|
|
|
0c9295 |
+ sc_pkcs15_free_certificate(p15_cert);
|
|
|
0c9295 |
return rv;
|
|
|
0c9295 |
+ }
|
|
|
0c9295 |
|
|
|
0c9295 |
object->cert_info = p15_info;
|
|
|
0c9295 |
object->cert_data = p15_cert;
|
|
|
0c9295 |
@@ -643,6 +646,8 @@ __pkcs15_create_pubkey_object(struct pkcs15_fw_data *fw_data,
|
|
|
0c9295 |
object->pub_data = p15_key;
|
|
|
0c9295 |
if (p15_key && object->pub_info->modulus_length == 0 && p15_key->algorithm == SC_ALGORITHM_RSA)
|
|
|
0c9295 |
object->pub_info->modulus_length = 8 * p15_key->u.rsa.modulus.len;
|
|
|
0c9295 |
+ } else if (pubkey->emulated && (fw_data->p15_card->flags & SC_PKCS15_CARD_FLAG_EMULATED)) {
|
|
|
0c9295 |
+ sc_pkcs15_free_pubkey(p15_key);
|
|
|
0c9295 |
}
|
|
|
0c9295 |
|
|
|
0c9295 |
if (pubkey_object != NULL)
|
|
|
0c9295 |
diff --git a/src/pkcs15init/pkcs15-lib.c b/src/pkcs15init/pkcs15-lib.c
|
|
|
0c9295 |
index c2fc2df..d1558e2 100644
|
|
|
0c9295 |
--- a/src/pkcs15init/pkcs15-lib.c
|
|
|
0c9295 |
+++ b/src/pkcs15init/pkcs15-lib.c
|
|
|
0c9295 |
@@ -760,7 +760,7 @@ sc_pkcs15init_add_app(struct sc_card *card, struct sc_profile *profile,
|
|
|
0c9295 |
struct sc_pkcs15_object *pin_obj = NULL;
|
|
|
0c9295 |
struct sc_app_info *app;
|
|
|
0c9295 |
struct sc_file *df = profile->df_info->file;
|
|
|
0c9295 |
- int r;
|
|
|
0c9295 |
+ int r = SC_SUCCESS;
|
|
|
0c9295 |
|
|
|
0c9295 |
LOG_FUNC_CALLED(ctx);
|
|
|
0c9295 |
p15card->card = card;
|
|
|
0c9295 |
diff --git a/src/pkcs15init/pkcs15-myeid.c b/src/pkcs15init/pkcs15-myeid.c
|
|
|
0c9295 |
index 9ed515d..6c93545 100644
|
|
|
0c9295 |
--- a/src/pkcs15init/pkcs15-myeid.c
|
|
|
0c9295 |
+++ b/src/pkcs15init/pkcs15-myeid.c
|
|
|
0c9295 |
@@ -510,10 +510,10 @@ myeid_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|
|
0c9295 |
keybits = key_info->field_length;
|
|
|
0c9295 |
else
|
|
|
0c9295 |
key_info->field_length = keybits;
|
|
|
0c9295 |
- break;
|
|
|
0c9295 |
-
|
|
|
0c9295 |
+
|
|
|
0c9295 |
if (sc_card_find_ec_alg(p15card->card, keybits, &prkey->u.ec.params.id) == NULL)
|
|
|
0c9295 |
LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Unsupported algorithm or key size");
|
|
|
0c9295 |
+ break;
|
|
|
0c9295 |
default:
|
|
|
0c9295 |
LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Store key failed: Unsupported key type");
|
|
|
0c9295 |
break;
|
|
|
0c9295 |
diff --git a/src/tests/p15dump.c b/src/tests/p15dump.c
|
|
|
0c9295 |
index 17ab86b..da8b4a3 100644
|
|
|
0c9295 |
--- a/src/tests/p15dump.c
|
|
|
0c9295 |
+++ b/src/tests/p15dump.c
|
|
|
0c9295 |
@@ -30,8 +30,7 @@ static int dump_objects(const char *what, int type)
|
|
|
0c9295 |
printf("failed.\n");
|
|
|
0c9295 |
fprintf(stderr, "Error enumerating %s: %s\n",
|
|
|
0c9295 |
what, sc_strerror(count));
|
|
|
0c9295 |
- if (SC_SUCCESS != sc_unlock(card))
|
|
|
0c9295 |
- return 1;
|
|
|
0c9295 |
+ sc_unlock(card);
|
|
|
0c9295 |
return 1;
|
|
|
0c9295 |
}
|
|
|
0c9295 |
if (count == 0) {
|
|
|
0c9295 |
diff --git a/src/tools/pkcs15-init.c b/src/tools/pkcs15-init.c
|
|
|
0c9295 |
index a1b183d..a4fb1a9 100644
|
|
|
0c9295 |
--- a/src/tools/pkcs15-init.c
|
|
|
0c9295 |
+++ b/src/tools/pkcs15-init.c
|
|
|
0c9295 |
@@ -1318,8 +1318,10 @@ do_store_data_object(struct sc_profile *profile)
|
|
|
0c9295 |
args.der_encoded.value = data;
|
|
|
0c9295 |
args.der_encoded.len = datalen;
|
|
|
0c9295 |
r = sc_lock(p15card->card);
|
|
|
0c9295 |
- if (r < 0)
|
|
|
0c9295 |
+ if (r < 0) {
|
|
|
0c9295 |
+ free(data);
|
|
|
0c9295 |
return r;
|
|
|
0c9295 |
+ }
|
|
|
0c9295 |
r = sc_pkcs15init_store_data_object(p15card, profile, &args, NULL);
|
|
|
0c9295 |
sc_unlock(p15card->card);
|
|
|
0c9295 |
}
|
|
|
0c9295 |
diff --git a/src/tools/pkcs15-tool.c b/src/tools/pkcs15-tool.c
|
|
|
0c9295 |
index 092b9d9..e146753 100644
|
|
|
0c9295 |
--- a/src/tools/pkcs15-tool.c
|
|
|
0c9295 |
+++ b/src/tools/pkcs15-tool.c
|
|
|
0c9295 |
@@ -793,15 +793,18 @@ static int read_public_key(void)
|
|
|
0c9295 |
|
|
|
0c9295 |
if (r == SC_ERROR_OBJECT_NOT_FOUND) {
|
|
|
0c9295 |
fprintf(stderr, "Public key with ID '%s' not found.\n", opt_pubkey);
|
|
|
0c9295 |
- return 2;
|
|
|
0c9295 |
+ r = 2;
|
|
|
0c9295 |
+ goto out;
|
|
|
0c9295 |
}
|
|
|
0c9295 |
if (r < 0) {
|
|
|
0c9295 |
fprintf(stderr, "Public key enumeration failed: %s\n", sc_strerror(r));
|
|
|
0c9295 |
- return 1;
|
|
|
0c9295 |
+ r = 1;
|
|
|
0c9295 |
+ goto out;
|
|
|
0c9295 |
}
|
|
|
0c9295 |
if (!pubkey) {
|
|
|
0c9295 |
fprintf(stderr, "Public key not available\n");
|
|
|
0c9295 |
- return 1;
|
|
|
0c9295 |
+ r = 1;
|
|
|
0c9295 |
+ goto out;
|
|
|
0c9295 |
}
|
|
|
0c9295 |
|
|
|
0c9295 |
r = sc_pkcs15_encode_pubkey_as_spki(ctx, pubkey, &pem_key.value, &pem_key.len);
|
|
|
0c9295 |
@@ -813,6 +816,7 @@ static int read_public_key(void)
|
|
|
0c9295 |
free(pem_key.value);
|
|
|
0c9295 |
}
|
|
|
0c9295 |
|
|
|
0c9295 |
+out:
|
|
|
0c9295 |
if (cert)
|
|
|
0c9295 |
sc_pkcs15_free_certificate(cert);
|
|
|
0c9295 |
else if (pubkey)
|
|
|
0c9295 |
@@ -2097,6 +2101,7 @@ int main(int argc, char * const argv[])
|
|
|
0c9295 |
break;
|
|
|
0c9295 |
case OPT_USE_PINPAD_DEPRECATED:
|
|
|
0c9295 |
fprintf(stderr, "'--no-prompt' is deprecated , use '--use-pinpad' instead.\n");
|
|
|
0c9295 |
+ /* fallthrough */
|
|
|
0c9295 |
case OPT_USE_PINPAD:
|
|
|
0c9295 |
opt_use_pinpad = 1;
|
|
|
0c9295 |
break;
|
|
|
0c9295 |
diff --git a/src/tools/sc-hsm-tool.c b/src/tools/sc-hsm-tool.c
|
|
|
0c9295 |
index cce855f..029d991 100644
|
|
|
0c9295 |
--- a/src/tools/sc-hsm-tool.c
|
|
|
0c9295 |
+++ b/src/tools/sc-hsm-tool.c
|
|
|
0c9295 |
@@ -697,6 +697,7 @@ static int recreate_password_from_shares(char **pwd, int *pwdlen, int num_of_pas
|
|
|
0c9295 |
memset(inbuf, 0, sizeof(inbuf));
|
|
|
0c9295 |
if (fgets(inbuf, sizeof(inbuf), stdin) == NULL) {
|
|
|
0c9295 |
fprintf(stderr, "Input aborted\n");
|
|
|
0c9295 |
+ free(shares);
|
|
|
0c9295 |
return -1;
|
|
|
0c9295 |
}
|
|
|
0c9295 |
p = (sp->x);
|
|
|
0c9295 |
@@ -706,6 +707,7 @@ static int recreate_password_from_shares(char **pwd, int *pwdlen, int num_of_pas
|
|
|
0c9295 |
memset(inbuf, 0, sizeof(inbuf));
|
|
|
0c9295 |
if (fgets(inbuf, sizeof(inbuf), stdin) == NULL) {
|
|
|
0c9295 |
fprintf(stderr, "Input aborted\n");
|
|
|
0c9295 |
+ free(shares);
|
|
|
0c9295 |
return -1;
|
|
|
0c9295 |
}
|
|
|
0c9295 |
binlen = 64;
|
|
|
0c9295 |
diff --git a/src/tools/westcos-tool.c b/src/tools/westcos-tool.c
|
|
|
0c9295 |
index 29b75dd..ff3d5e6 100644
|
|
|
0c9295 |
--- a/src/tools/westcos-tool.c
|
|
|
0c9295 |
+++ b/src/tools/westcos-tool.c
|
|
|
0c9295 |
@@ -91,8 +91,6 @@ static int finalize = 0;
|
|
|
0c9295 |
static int install_pin = 0;
|
|
|
0c9295 |
static int overwrite = 0;
|
|
|
0c9295 |
|
|
|
0c9295 |
-static const char *pin = NULL;
|
|
|
0c9295 |
-static const char *puk = NULL;
|
|
|
0c9295 |
static char *cert = NULL;
|
|
|
0c9295 |
|
|
|
0c9295 |
static int keylen = 0;
|
|
|
0c9295 |
@@ -260,7 +258,7 @@ static int unlock_pin(sc_card_t *card,
|
|
|
0c9295 |
}
|
|
|
0c9295 |
else
|
|
|
0c9295 |
{
|
|
|
0c9295 |
- if(pin == NULL || puk == NULL)
|
|
|
0c9295 |
+ if(pin_value == NULL || puk_value == NULL)
|
|
|
0c9295 |
{
|
|
|
0c9295 |
return SC_ERROR_INVALID_ARGUMENTS;
|
|
|
0c9295 |
}
|
|
|
0c9295 |
@@ -372,6 +370,8 @@ int main(int argc, char *argv[])
|
|
|
0c9295 |
RSA *rsa = NULL;
|
|
|
0c9295 |
BIGNUM *bn = NULL;
|
|
|
0c9295 |
BIO *mem = NULL;
|
|
|
0c9295 |
+ static const char *pin = NULL;
|
|
|
0c9295 |
+ static const char *puk = NULL;
|
|
|
0c9295 |
|
|
|
0c9295 |
while (1)
|
|
|
0c9295 |
{
|
|
|
0c9295 |
|
|
|
0c9295 |
From e73b2ad2e01cbcc3fdee471ce9692ab95a83b8a0 Mon Sep 17 00:00:00 2001
|
|
|
0c9295 |
From: Jakub Jelen <jjelen@redhat.com>
|
|
|
0c9295 |
Date: Wed, 1 Mar 2017 09:45:17 +0100
|
|
|
0c9295 |
Subject: [PATCH 2/3] Sanitize call to sc_pkcs15_free_certificate()
|
|
|
0c9295 |
|
|
|
0c9295 |
---
|
|
|
0c9295 |
src/libopensc/pkcs15-cac.c | 3 ++-
|
|
|
0c9295 |
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
0c9295 |
|
|
|
0c9295 |
diff --git a/src/libopensc/pkcs15-cac.c b/src/libopensc/pkcs15-cac.c
|
|
|
0c9295 |
index e0fa50b..61c6430 100644
|
|
|
0c9295 |
--- a/src/libopensc/pkcs15-cac.c
|
|
|
0c9295 |
+++ b/src/libopensc/pkcs15-cac.c
|
|
|
0c9295 |
@@ -352,7 +352,8 @@ static int sc_pkcs15emu_cac_init(sc_pkcs15_card_t *p15card)
|
|
|
0c9295 |
r = sc_pkcs15_read_certificate(p15card, &cert_info, &cert_out);
|
|
|
0c9295 |
if (r < 0 || cert_out->key == NULL) {
|
|
|
0c9295 |
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Failed to read/parse the certificate r=%d",r);
|
|
|
0c9295 |
- sc_pkcs15_free_certificate(cert_out);
|
|
|
0c9295 |
+ if (cert_out != NULL)
|
|
|
0c9295 |
+ sc_pkcs15_free_certificate(cert_out);
|
|
|
0c9295 |
continue;
|
|
|
0c9295 |
}
|
|
|
0c9295 |
|
|
|
0c9295 |
|
|
|
0c9295 |
From bdf452210f7fdbefe91df910025142b2e48b8ebc Mon Sep 17 00:00:00 2001
|
|
|
0c9295 |
From: Jakub Jelen <jjelen@redhat.com>
|
|
|
0c9295 |
Date: Wed, 1 Mar 2017 15:23:17 +0100
|
|
|
0c9295 |
Subject: [PATCH 3/3] Sanitize call to sc_pkcs15_free_certificate() in PIV too
|
|
|
0c9295 |
|
|
|
0c9295 |
---
|
|
|
0c9295 |
src/libopensc/pkcs15-piv.c | 3 ++-
|
|
|
0c9295 |
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
0c9295 |
|
|
|
0c9295 |
diff --git a/src/libopensc/pkcs15-piv.c b/src/libopensc/pkcs15-piv.c
|
|
|
0c9295 |
index 5bd0fdf..f6b6742 100644
|
|
|
0c9295 |
--- a/src/libopensc/pkcs15-piv.c
|
|
|
0c9295 |
+++ b/src/libopensc/pkcs15-piv.c
|
|
|
0c9295 |
@@ -761,7 +761,8 @@ static int sc_pkcs15emu_piv_init(sc_pkcs15_card_t *p15card)
|
|
|
0c9295 |
r = sc_pkcs15_read_certificate(p15card, &cert_info, &cert_out);
|
|
|
0c9295 |
if (r < 0 || cert_out->key == NULL) {
|
|
|
0c9295 |
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Failed to read/parse the certificate r=%d",r);
|
|
|
0c9295 |
- sc_pkcs15_free_certificate(cert_out);
|
|
|
0c9295 |
+ if (cert_out != NULL)
|
|
|
0c9295 |
+ sc_pkcs15_free_certificate(cert_out);
|
|
|
0c9295 |
continue;
|
|
|
0c9295 |
}
|
|
|
0c9295 |
/*
|
|
|
0c9295 |
From 389ffe590986c6ed42fa810874a52a51bac3ca26 Mon Sep 17 00:00:00 2001
|
|
|
0c9295 |
From: Jakub Jelen <jjelen@redhat.com>
|
|
|
0c9295 |
Date: Thu, 23 Mar 2017 12:16:46 +0100
|
|
|
0c9295 |
Subject: [PATCH 1/3] Coverity: FORWARD_NULL -- copy&paste error
|
|
|
0c9295 |
|
|
|
0c9295 |
---
|
|
|
0c9295 |
src/tools/gids-tool.c | 2 +-
|
|
|
0c9295 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
0c9295 |
|
|
|
0c9295 |
diff --git a/src/tools/gids-tool.c b/src/tools/gids-tool.c
|
|
|
0c9295 |
index 029c53f..84073b6 100644
|
|
|
0c9295 |
--- a/src/tools/gids-tool.c
|
|
|
0c9295 |
+++ b/src/tools/gids-tool.c
|
|
|
0c9295 |
@@ -277,7 +277,7 @@ static int changeAdminKey(sc_card_t* card, const char *so_pin, const char* new_k
|
|
|
0c9295 |
|
|
|
0c9295 |
if (new_key == NULL) {
|
|
|
0c9295 |
printf("Enter new admin key (48 hexadecimal characters) : ");
|
|
|
0c9295 |
- util_getpass(&_so_pin, NULL, stdin);
|
|
|
0c9295 |
+ util_getpass(&_new_key, NULL, stdin);
|
|
|
0c9295 |
printf("\n");
|
|
|
0c9295 |
} else {
|
|
|
0c9295 |
_new_key = (char *)new_key;
|
|
|
0c9295 |
--
|
|
|
0c9295 |
2.9.3
|
|
|
0c9295 |
|
|
|
0c9295 |
|
|
|
0c9295 |
From 1133efa4fe4d9a0267486cadbd3f6d144c584645 Mon Sep 17 00:00:00 2001
|
|
|
0c9295 |
From: Jakub Jelen <jjelen@redhat.com>
|
|
|
0c9295 |
Date: Thu, 23 Mar 2017 15:14:35 +0100
|
|
|
0c9295 |
Subject: [PATCH 2/3] CLANG_WARNING: Call to 'malloc' has an allocation size of
|
|
|
0c9295 |
0 bytes
|
|
|
0c9295 |
|
|
|
0c9295 |
---
|
|
|
0c9295 |
src/scconf/scconf.c | 2 ++
|
|
|
0c9295 |
1 file changed, 2 insertions(+)
|
|
|
0c9295 |
|
|
|
0c9295 |
diff --git a/src/scconf/scconf.c b/src/scconf/scconf.c
|
|
|
0c9295 |
index 7fcc301..678df3e 100644
|
|
|
0c9295 |
--- a/src/scconf/scconf.c
|
|
|
0c9295 |
+++ b/src/scconf/scconf.c
|
|
|
0c9295 |
@@ -411,6 +411,8 @@ char *scconf_list_strdup(const scconf_list * list, const char *filler)
|
|
|
0c9295 |
if (filler) {
|
|
|
0c9295 |
len += scconf_list_array_length(list) * (strlen(filler) + 1);
|
|
|
0c9295 |
}
|
|
|
0c9295 |
+ if (len == 0)
|
|
|
0c9295 |
+ return NULL;
|
|
|
0c9295 |
buf = malloc(len);
|
|
|
0c9295 |
if (!buf) {
|
|
|
0c9295 |
return NULL;
|
|
|
0c9295 |
--
|
|
|
0c9295 |
2.9.3
|
|
|
0c9295 |
|
|
|
0c9295 |
|
|
|
0c9295 |
From f82bc2008d58348cafcbba30623fcb55dab5cb3a Mon Sep 17 00:00:00 2001
|
|
|
0c9295 |
From: Jakub Jelen <jjelen@redhat.com>
|
|
|
0c9295 |
Date: Thu, 23 Mar 2017 15:46:42 +0100
|
|
|
0c9295 |
Subject: [PATCH 3/3] Avoid malloc with 0 argument
|
|
|
0c9295 |
|
|
|
0c9295 |
---
|
|
|
0c9295 |
src/libopensc/card-cac.c | 7 +++++--
|
|
|
0c9295 |
1 file changed, 5 insertions(+), 2 deletions(-)
|
|
|
0c9295 |
|
|
|
0c9295 |
diff --git a/src/libopensc/card-cac.c b/src/libopensc/card-cac.c
|
|
|
0c9295 |
index 788fb52..6a5b5af 100644
|
|
|
0c9295 |
--- a/src/libopensc/card-cac.c
|
|
|
0c9295 |
+++ b/src/libopensc/card-cac.c
|
|
|
0c9295 |
@@ -670,12 +670,12 @@ static int cac_read_binary(sc_card_t *card, unsigned int idx,
|
|
|
0c9295 |
r = sc_decompress_alloc(&priv->cache_buf, &priv->cache_buf_len,
|
|
|
0c9295 |
cert_ptr, cert_len, COMPRESSION_AUTO);
|
|
|
0c9295 |
#else
|
|
|
0c9295 |
- sc_log(card->ctx, "PIV compression not supported, no zlib");
|
|
|
0c9295 |
+ sc_log(card->ctx, "CAC compression not supported, no zlib");
|
|
|
0c9295 |
r = SC_ERROR_NOT_SUPPORTED;
|
|
|
0c9295 |
#endif
|
|
|
0c9295 |
if (r)
|
|
|
0c9295 |
goto done;
|
|
|
0c9295 |
- } else {
|
|
|
0c9295 |
+ } else if (cert_len > 0) {
|
|
|
0c9295 |
priv->cache_buf = malloc(cert_len);
|
|
|
0c9295 |
if (priv->cache_buf == NULL) {
|
|
|
0c9295 |
r = SC_ERROR_OUT_OF_MEMORY;
|
|
|
0c9295 |
@@ -683,6 +683,9 @@ static int cac_read_binary(sc_card_t *card, unsigned int idx,
|
|
|
0c9295 |
}
|
|
|
0c9295 |
priv->cache_buf_len = cert_len;
|
|
|
0c9295 |
memcpy(priv->cache_buf, cert_ptr, cert_len);
|
|
|
0c9295 |
+ } else {
|
|
|
0c9295 |
+ sc_log(card->ctx, "Can't read zero-length certificate");
|
|
|
0c9295 |
+ goto done;
|
|
|
0c9295 |
}
|
|
|
0c9295 |
break;
|
|
|
0c9295 |
default:
|
|
|
0c9295 |
--
|
|
|
0c9295 |
2.9.3
|
|
|
0c9295 |
|
|
|
0c9295 |
|