Check-in [c70fbcca60]
Overview
Comment:Fixed issue with double-free when PC/SC connection manager is unavailable

Fixed issues found from splint(1) output

SHA1:c70fbcca604bcdd637194ea505741f9331d4f273
User & Date: rkeene on 2010-05-17 05:09:46
Context
2010-05-17
05:18
Fixed issue with double-free not being reported if it is the last action recorded check-in: 8a6ff15b3c user: rkeene tags: trunk
05:09
Fixed issue with double-free when PC/SC connection manager is unavailable

Fixed issues found from splint(1) output check-in: c70fbcca60 user: rkeene tags: trunk

05:04
Updated to strip release library

Updated list of headers to check for check-in: b491412695 user: rkeene tags: trunk

Changes

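--- a/Makefile.in
+++ b/Makefile.in
@@ -38,15 +38,15 @@
 libcackey_g.@SHOBJEXT@: cackey_g.o asn1-x509_g.o
 	$(CC) $(SHOBJFLAGS) $(DEBUGCPPFLAGS) $(DEBUGCFLAGS) $(SHOBJLDFLAGS) $(LDFLAGS) -o libcackey_g.@SHOBJEXT@ cackey_g.o asn1-x509_g.o $(LIBS)
 
 test: test.c libcackey_g.@SHOBJEXT@
 	$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o test test.c -Wl,-R,. libcackey_g.@SHOBJEXT@
 
 splint-cackey.txt: cackey.c asn1-x509.c asn1-x509.h config.h
-	splint $(CPPFLAGS) -weak +posixlib -I/usr/include/PCSC -Ipkcs11 cackey.c > splint-cackey.txt
+	splint $(DEBUGCPPFLAGS) -DCACKEY_PARANOID=1 -weak +posixlib -I/usr/include/PCSC -Ipkcs11 cackey.c > splint-cackey.txt
 
 install: libcackey.@SHOBJEXT@
 	-mkdir "$(DESTDIR)$(libdir)"
 	cp "libcackey.@SHOBJEXT@" "$(DESTDIR)$(libdir)/"
 	-cp "libcackey_g.@SHOBJEXT@" "$(DESTDIR)$(libdir)/"
 
 clean: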
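Review bot: `-DCACKEY_PARANOID=1` is set only on the splint command line, so on the lines shown the paranoid bounds checks are analysed statically but nothing here compiles them into `libcackey_g` or the release library. If no other rule or config.h defines the macro, consider adding it to the debug build flags as well (for example in `DEBUGCPPFLAGS`), so that the code splint checks is the code that gets built and tested. The rule also still passes only `cackey.c` to splint although `asn1-x509.c` is listed as a prerequisite.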

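--- a/cackey.c
+++ b/cackey.c
@@ -22,14 +22,17 @@
 #endif
 #ifdef HAVE_STRING_H
 #  include <string.h>
 #endif
 #ifdef HAVE_PTHREAD_H
 #  include <pthread.h>
 #endif
+#ifdef HAVE_LIMITS_H
+#  include <limits.h>
+#endif
 #ifdef HAVE_ZLIB_H
 #  ifdef HAVE_LIBZ
 #    include <zlib.h>
 #  endif
 #else
 #  ifdef HAVE_LIBZ
 #    undef HAVE_LIBZ
@@ -693,14 +696,15 @@
 
 		CACKEY_DEBUG_PRINTF("SCardEstablishContext() called");
 		scard_est_context_ret = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, cackey_pcsc_handle);
 		if (scard_est_context_ret != SCARD_S_SUCCESS) {
 			CACKEY_DEBUG_PRINTF("Call to SCardEstablishContext failed (returned %s/%li), returning in failure", CACKEY_DEBUG_FUNC_SCARDERR_TO_STR(scard_est_context_ret), (long) scard_est_context_ret);
 
 			free(cackey_pcsc_handle);
+			cackey_pcsc_handle = NULL;
 
 			cackey_slots_disconnect_all();
 
 			return(CACKEY_PCSC_E_GENERIC);
 		}
 	}
 
@@ -712,14 +716,15 @@
 
 		CACKEY_DEBUG_PRINTF("SCardEstablishContext() called");
 		scard_est_context_ret = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, cackey_pcsc_handle);
 		if (scard_est_context_ret != SCARD_S_SUCCESS) {
 			CACKEY_DEBUG_PRINTF("Call to SCardEstablishContext failed (returned %s/%li), returning in failure", CACKEY_DEBUG_FUNC_SCARDERR_TO_STR(scard_est_context_ret), (long) scard_est_context_ret);
 
 			free(cackey_pcsc_handle);
+			cackey_pcsc_handle = NULL;
 
 			cackey_slots_disconnect_all();
 
 			return(CACKEY_PCSC_E_GENERIC);
 		}
 
 		CACKEY_DEBUG_PRINTF("Handle has been re-established");
@@ -754,16 +759,19 @@
 
 	if (cackey_pcsc_handle == NULL) {
 		return(CACKEY_PCSC_S_OK);
 	}
 
 	scard_rel_context_ret = SCardReleaseContext(*cackey_pcsc_handle);
 
-	free(cackey_pcsc_handle);
-	cackey_pcsc_handle = NULL;
+	if (cackey_pcsc_handle) {
+		free(cackey_pcsc_handle);
+	
+		cackey_pcsc_handle = NULL;
+	}
 
 	if (scard_rel_context_ret != SCARD_S_SUCCESS) {
 		return(CACKEY_PCSC_E_GENERIC);
 	}
 
 	return(CACKEY_PCSC_S_OK);
 }
@@ -1269,19 +1277,29 @@
 
 			return(-1);
 		}
 
 		offset += count;
 
 		if (count < max_count) {
-			CACKEY_DEBUG_PRINTF("Short read -- count = %i, cmd[1] = %i", count, cmd[1]);
+			CACKEY_DEBUG_PRINTF("Short read -- count = %i, cmd[1] = %i", (int) count, (int) cmd[1]);
 
 			break;
 		}
 	}
+
+#ifdef CACKEY_PARANOID
+#  ifdef _POSIX_SSIZE_MAX
+	if (offset > _POSIX_SSIZE_MAX) {
+		CACKEY_DEBUG_PRINTF("Offset exceeds maximum value, returning in failure. (max = %li, offset = %lu)", (long) _POSIX_SSIZE_MAX, (unsigned long) offset);
+
+		return(-1);
+	}
+#  endif
+#endif
 
 	CACKEY_DEBUG_PRINTF("Returning in success, read %lu bytes", (unsigned long) offset);
 
 	return(offset);
 }
 
 /*
@@ -1868,14 +1886,24 @@
 		cackey_end_transaction(slot);
 
 		return(-1);
 	}
 
 	/* End transaction */
 	cackey_end_transaction(slot);
+
+#ifdef CACKEY_PARANOID
+#  ifdef _POSIX_SSIZE_MAX
+	if (outbuflen > _POSIX_SSIZE_MAX) {
+		CACKEY_DEBUG_PRINTF("Outbuflen exceeds maximum value, returning in failure. (max = %li, outbuflen = %lu)", (long) _POSIX_SSIZE_MAX, (unsigned long) outbuflen);
+
+		return(-1);
+	}
+#  endif
+#endif
 
 	CACKEY_DEBUG_PRINTF("Returning in success.");
 
 	return(outbuflen);
 }
 
 /*
@@ -2002,14 +2030,24 @@
 	if (x509_read_ret <= 0) {
 		x509_read_ret = x509_dn_to_string(label_asn1, x509_read_ret, (char *) label_buf, label_buf_len, NULL);
 
 		if (x509_read_ret <= 0) {
 			return(-1);
 		}
 	}
+
+#ifdef CACKEY_PARANOID
+#  ifdef _POSIX_SSIZE_MAX
+	if (x509_read_ret > _POSIX_SSIZE_MAX) {
+		CACKEY_DEBUG_PRINTF("x509_read_ret exceeds maximum value, returning in failure. (max = %li, x509_read_ret = %lu)", (long) _POSIX_SSIZE_MAX, (unsigned long) x509_read_ret);
+
+		return(-1);
+	}
+#  endif
+#endif
 
 	return(x509_read_ret);
 }
 
 /* Returns 0 on success */
 static int cackey_mutex_create(void **mutex) {
 	pthread_mutex_t *pthread_mutex;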
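Review bot: The new CACKEY_PARANOID guard on `offset` compares against `_POSIX_SSIZE_MAX`, which POSIX defines as the smallest limit an implementation may have (32767) rather than the platform's actual limit, so a paranoid build returns -1 for any valid result above 32767 bytes. The guard before the narrowing return should use the real bound from `<limits.h>`, `if (offset > SSIZE_MAX) {`, with the `#ifdef` and the debug message adjusted to match. The `outbuflen` and `x509_read_ret` guards in the two following hunks have the same problem. Since all three checks exist only under CACKEY_PARANOID, default builds still return these values unchecked. The enclosing functions begin outside the hunks, so the declared types of the three variables cannot be confirmed from this page.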