Check-in [846e77f0f5]
Overview
Comment:Added more fixes for memory leaks or use of uninitialized memory
SHA1: 846e77f0f5a437197b61dfe2201e89d56ff5e157
User & Date: rkeene on 2015-07-24 04:07:21
Changes

Modified cackey.c from [c129398723] to [aa058371f0].

213
214
215
216
217
218
219
220

221
222
223
224
225
226
227
228
229

230
231
232
233
234
235
236
237
238
239
240

241

242
243
244
245
246
247
248
213
214
215
216
217
218
219

220
221
222
223
224
225
226
227
228

229
230
231
232
233
234
235
236
237
238
239
240
241

242
243
244
245
246
247
248
249







-
+








-
+











+
-
+







	static char buf_user[4096] = {0}; \
	snprintf(buf_user, sizeof(buf_user), x); \
	buf_user[sizeof(buf_user) - 1] = '\0'; \
	fprintf(cackey_debug_fd(), "[%lu]: %s():%i: %s\n", CACKEY_DEBUG_GETTIME(), __func__, __LINE__, buf_user); \
	fflush(cackey_debug_fd()); \
}
#  define CACKEY_DEBUG_PRINTBUF(f, x, y) { \
	static char buf_user[4096] = {0}, *buf_user_p; \
	static char buf_user[4096] = {0}, *buf_user_p, *buf_user_print; \
	unsigned long buf_user_size; \
	unsigned char *TMPBUF; \
	unsigned long idx; \
	int snprintf_ret; \
	TMPBUF = (unsigned char *) (x); \
	buf_user[0] = 0; \
	buf_user_p = buf_user; \
	buf_user_size = sizeof(buf_user); \
	for (idx = 1; idx < (y); idx++) { \
	for (idx = 0; idx < (y); idx++) { \
		if (buf_user_size <= 0) { \
			break; \
		}; \
		snprintf_ret = snprintf(buf_user_p, buf_user_size, ", %02x", TMPBUF[idx]); \
		if (snprintf_ret <= 0) { \
			break; \
		}; \
		buf_user_p += snprintf_ret; \
		buf_user_size -= snprintf_ret; \
	}; \
	buf_user[sizeof(buf_user) - 1] = '\0'; \
	buf_user_print = buf_user + 2; \
	fprintf(cackey_debug_fd(), "[%lu]: %s():%i: %s  (%s/%lu = {%02x%s})\n", CACKEY_DEBUG_GETTIME(), __func__, __LINE__, f, #x, (unsigned long) (y), TMPBUF[0], buf_user); \
	fprintf(cackey_debug_fd(), "[%lu]: %s():%i: %s  (%s/%lu = {%s})\n", CACKEY_DEBUG_GETTIME(), __func__, __LINE__, f, #x, (unsigned long) (y), buf_user_print); \
	fflush(cackey_debug_fd()); \
}
#  define free(x) { CACKEY_DEBUG_PRINTF("FREE(%p) (%s)", (void *) x, #x); free(x); }

static FILE *cackey_debug_fd(void) {
	static FILE *fd = NULL;
	char *logfile;
840
841
842
843
844
845
846
847


848
849
850
851
852
853
854
841
842
843
844
845
846
847

848
849
850
851
852
853
854
855
856







-
+
+







	CACKEY_PCSC_S_TOKENPRESENT    = 1,
	CACKEY_PCSC_S_OK              = 0,
	CACKEY_PCSC_E_GENERIC         = -1,
	CACKEY_PCSC_E_BADPIN          = -2,
	CACKEY_PCSC_E_LOCKED          = -3,
	CACKEY_PCSC_E_NEEDLOGIN       = -4,
	CACKEY_PCSC_E_TOKENABSENT     = -6,
	CACKEY_PCSC_E_RETRY           = -7
	CACKEY_PCSC_E_RETRY           = -7,
	CACKEY_PCSC_E_NODATA          = -8
} cackey_ret;

struct cackey_tlv_cardurl {
	unsigned char        rid[5];
	cackey_tlv_apptype   apptype;
	cackey_tlv_objectid  objectid;
	cackey_tlv_objectid  appid;
1646
1647
1648
1649
1650
1651
1652





1653

1654
1655
1656
1657
1658
1659
1660
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659

1660
1661
1662
1663
1664
1665
1666
1667







+
+
+
+
+
-
+







	if (recv_len < 2) {
		/* Minimal response length is 2 bytes, returning in failure */
		CACKEY_DEBUG_PRINTF("Response too small, returning in failure (recv_len = %lu)", (unsigned long) recv_len);

		/* End Smartcard Transaction */
		cackey_end_transaction(slot);

		/* Supply an invalid response code */
		if (respcode) {
			*respcode = 0;
		}

		return(CACKEY_PCSC_E_GENERIC);
		return(CACKEY_PCSC_E_NODATA);
	}

	/* Determine result code */
	major_rc = recv_buf[recv_len - 2];
	minor_rc = recv_buf[recv_len - 1];
	if (respcode) {
		*respcode = (major_rc << 8) | minor_rc;
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533




2534
2535
2536
2537








2538
2539
2540
2541
2542
2543
2544
2512
2513
2514
2515
2516
2517
2518








2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555







-
-
-
-
-
-
-
-














+
+
+
+




+
+
+
+
+
+
+
+







	transaction_ret = cackey_begin_transaction(slot);
	if (transaction_ret != CACKEY_PCSC_S_OK) {
		CACKEY_DEBUG_PRINTF("Unable begin transaction, returning in failure");

		return(NULL);
	}

	if (certs == NULL) {
		certs = malloc(sizeof(*certs) * 5);
		*count = 5;
		certs_resizable = 1;
	} else {
		certs_resizable = 0;
	}

	/* Select the CCC Applet */
	send_ret = cackey_select_applet(slot, ccc_aid, sizeof(ccc_aid));
	if (send_ret != CACKEY_PCSC_S_OK) {
		/* Try PIV application */
		send_ret = cackey_select_applet(slot, piv_aid, sizeof(piv_aid));
		if (send_ret == CACKEY_PCSC_S_OK) {
			CACKEY_DEBUG_PRINTF("We have a PIV card -- not using the CCC, pulling pre-selected keys");

			piv = 1;
		} else {
			CACKEY_DEBUG_PRINTF("Unable to select CCC Applet, returning in failure");

			/* Terminate SmartCard Transaction */
			cackey_end_transaction(slot);

			if (certs == NULL) {
				*count = 0;
			}

			return(NULL);
		}
	}

	if (certs == NULL) {
		certs = malloc(sizeof(*certs) * 5);
		*count = 5;
		certs_resizable = 1;
	} else {
		certs_resizable = 0;
	}

	if (piv) {
		for (idx = 0; idx < 3; idx++) {
			switch (idx) {
				case 0:
					piv_oid = piv_oid_pivauth;
					piv_key = NISTSP800_78_3_KEY_PIVAUTH;
7723
7724
7725
7726
7727
7728
7729

7730
7731
7732
7733
7734
7735
7736
7737
7738








7739
7740
7741
7742
7743
7744
7745
7734
7735
7736
7737
7738
7739
7740
7741
7742
7743
7744
7745
7746
7747
7748
7749
7750
7751
7752
7753
7754
7755
7756
7757
7758
7759
7760
7761
7762
7763
7764
7765







+









+
+
+
+
+
+
+
+








	return(CKR_FUNCTION_NOT_PARALLEL);

	hSession = hSession; /* Supress unused variable warning */
}

CK_DEFINE_FUNCTION(CK_RV, C_GetFunctionList)(CK_FUNCTION_LIST_PTR_PTR ppFunctionList) {
	static CK_FUNCTION_LIST_PTR spFunctionList = NULL;
	CK_FUNCTION_LIST_PTR pFunctionList;

	CACKEY_DEBUG_PRINTF("Called.");

	if (ppFunctionList == NULL) {
		CACKEY_DEBUG_PRINTF("Error. ppFunctionList is NULL.");

		return(CKR_ARGUMENTS_BAD);
	}

	if (spFunctionList != NULL) {
		*ppFunctionList = spFunctionList;

		CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);

		return(CKR_OK);
	}

	pFunctionList = malloc(sizeof(*pFunctionList));

	pFunctionList->version.major = ((CACKEY_CRYPTOKI_VERSION_CODE) >> 16) & 0xff;
	pFunctionList->version.minor = ((CACKEY_CRYPTOKI_VERSION_CODE) >> 8) & 0xff;

	pFunctionList->C_Initialize = C_Initialize;
7807
7808
7809
7810
7811
7812
7813

7814
7815
7816
7817
7818
7819
7820
7827
7828
7829
7830
7831
7832
7833
7834
7835
7836
7837
7838
7839
7840








+






-
	pFunctionList->C_DeriveKey = C_DeriveKey;
	pFunctionList->C_SeedRandom = C_SeedRandom;
	pFunctionList->C_GenerateRandom = C_GenerateRandom;
	pFunctionList->C_GetFunctionStatus = C_GetFunctionStatus;
	pFunctionList->C_CancelFunction = C_CancelFunction;
	pFunctionList->C_GetFunctionList = C_GetFunctionList;

	spFunctionList  = pFunctionList;
	*ppFunctionList = pFunctionList;

	CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);

	return(CKR_OK);
}
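Review bot: The new static cache in C_GetFunctionList still sits behind an unchecked allocation: `pFunctionList = malloc(sizeof(*pFunctionList));` in the 7734–7765 hunk is dereferenced on the very next line, so a NULL return is a crash before it could ever reach `spFunctionList`; add `if (pFunctionList == NULL) { CACKEY_DEBUG_PRINTF("Error. Out of memory."); return(CKR_HOST_MEMORY); }` directly after the malloc. The `spFunctionList != NULL` check also has no guard against two threads taking the first-call path at the same time, which would allocate twice and leak one block — whether that can happen depends on how callers use the library before C_Initialize, which this page does not show, so a short comment stating the assumption would help. Separately, in the CACKEY_DEBUG_PRINTBUF hunk `buf_user_print = buf_user + 2;` skips the leading ", " the loop emits, but when `(y)` is 0 the loop never runs and the print starts two bytes past the terminator of a static buffer, so the log shows whatever an earlier call left there; `buf_user_print = ((y) > 0) ? buf_user + 2 : buf_user; \` keeps it on the terminator. The C_GetFunctionList body continues into the final hunk, whose gutter and marker columns do not line up in this rendering.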