Comment:Fixed issue with double-free when PC/SC connection manager is unavailable

Fixed issues found from splint(1) output

SHA1:c70fbcca604bcdd637194ea505741f9331d4f273
User & Date: rkeene on 2010-05-17 05:09:46
Changes

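--- a/Makefile.in
+++ b/Makefile.in
@@ -38,15 +38,15 @@
 libcackey_g.@SHOBJEXT@: cackey_g.o asn1-x509_g.o
 	$(CC) $(SHOBJFLAGS) $(DEBUGCPPFLAGS) $(DEBUGCFLAGS) $(SHOBJLDFLAGS) $(LDFLAGS) -o libcackey_g.@SHOBJEXT@ cackey_g.o asn1-x509_g.o $(LIBS)
 
 test: test.c libcackey_g.@SHOBJEXT@
 	$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o test test.c -Wl,-R,. libcackey_g.@SHOBJEXT@
 
 splint-cackey.txt: cackey.c asn1-x509.c asn1-x509.h config.h
-	splint $(CPPFLAGS) -weak +posixlib -I/usr/include/PCSC -Ipkcs11 cackey.c > splint-cackey.txt
+	splint $(DEBUGCPPFLAGS) -DCACKEY_PARANOID=1 -weak +posixlib -I/usr/include/PCSC -Ipkcs11 cackey.c > splint-cackey.txt
 
 install: libcackey.@SHOBJEXT@
 	-mkdir "$(DESTDIR)$(libdir)"
 	cp "libcackey.@SHOBJEXT@" "$(DESTDIR)$(libdir)/"
 	-cp "libcackey_g.@SHOBJEXT@" "$(DESTDIR)$(libdir)/"
 
 clean: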
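Review bot: The splint rule is the only place on this page that defines CACKEY_PARANOID, so the new `#ifdef CACKEY_PARANOID` range checks added to cackey.c in this same commit are analysed by splint but, unless $(DEBUGCPPFLAGS) or configure defines it elsewhere, are never compiled into libcackey or libcackey_g. If that is intended, a comment on the rule would save the next reader the search: `# CACKEY_PARANOID is defined here only so splint analyses the extra range checks; the library builds do not set it.` If the checks are meant to be part of the debug build, `-DCACKEY_PARANOID=1` belongs in DEBUGCPPFLAGS rather than only on this recipe line. Switching the recipe from $(CPPFLAGS) to $(DEBUGCPPFLAGS) also changes which preprocessor defines splint sees, which is reasonable for analysing the debug build but is worth stating in the same comment.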

Modified cackey.c from [4cc11579bd] to [ddbf6476ef].

    22     22   #endif
    23     23   #ifdef HAVE_STRING_H
    24     24   #  include <string.h>
    25     25   #endif
    26     26   #ifdef HAVE_PTHREAD_H
    27     27   #  include <pthread.h>
    28     28   #endif
           29  +#ifdef HAVE_LIMITS_H
           30  +#  include <limits.h>
           31  +#endif
    29     32   #ifdef HAVE_ZLIB_H
    30     33   #  ifdef HAVE_LIBZ
    31     34   #    include <zlib.h>
    32     35   #  endif
    33     36   #else
    34     37   #  ifdef HAVE_LIBZ
    35     38   #    undef HAVE_LIBZ
................................................................................
   693    696   
   694    697   		CACKEY_DEBUG_PRINTF("SCardEstablishContext() called");
   695    698   		scard_est_context_ret = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, cackey_pcsc_handle);
   696    699   		if (scard_est_context_ret != SCARD_S_SUCCESS) {
   697    700   			CACKEY_DEBUG_PRINTF("Call to SCardEstablishContext failed (returned %s/%li), returning in failure", CACKEY_DEBUG_FUNC_SCARDERR_TO_STR(scard_est_context_ret), (long) scard_est_context_ret);
   698    701   
   699    702   			free(cackey_pcsc_handle);
          703  +			cackey_pcsc_handle = NULL;
   700    704   
   701    705   			cackey_slots_disconnect_all();
   702    706   
   703    707   			return(CACKEY_PCSC_E_GENERIC);
   704    708   		}
   705    709   	}
   706    710   
................................................................................
   712    716   
   713    717   		CACKEY_DEBUG_PRINTF("SCardEstablishContext() called");
   714    718   		scard_est_context_ret = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, cackey_pcsc_handle);
   715    719   		if (scard_est_context_ret != SCARD_S_SUCCESS) {
   716    720   			CACKEY_DEBUG_PRINTF("Call to SCardEstablishContext failed (returned %s/%li), returning in failure", CACKEY_DEBUG_FUNC_SCARDERR_TO_STR(scard_est_context_ret), (long) scard_est_context_ret);
   717    721   
   718    722   			free(cackey_pcsc_handle);
          723  +			cackey_pcsc_handle = NULL;
   719    724   
   720    725   			cackey_slots_disconnect_all();
   721    726   
   722    727   			return(CACKEY_PCSC_E_GENERIC);
   723    728   		}
   724    729   
   725    730   		CACKEY_DEBUG_PRINTF("Handle has been re-established");
................................................................................
   754    759   
   755    760   	if (cackey_pcsc_handle == NULL) {
   756    761   		return(CACKEY_PCSC_S_OK);
   757    762   	}
   758    763   
   759    764   	scard_rel_context_ret = SCardReleaseContext(*cackey_pcsc_handle);
   760    765   
   761         -	free(cackey_pcsc_handle);
   762         -	cackey_pcsc_handle = NULL;
          766  +	if (cackey_pcsc_handle) {
          767  +		free(cackey_pcsc_handle);
          768  +	
          769  +		cackey_pcsc_handle = NULL;
          770  +	}
   763    771   
   764    772   	if (scard_rel_context_ret != SCARD_S_SUCCESS) {
   765    773   		return(CACKEY_PCSC_E_GENERIC);
   766    774   	}
   767    775   
   768    776   	return(CACKEY_PCSC_S_OK);
   769    777   }
................................................................................
  1269   1277   
  1270   1278   			return(-1);
  1271   1279   		}
  1272   1280   
  1273   1281   		offset += count;
  1274   1282   
  1275   1283   		if (count < max_count) {
  1276         -			CACKEY_DEBUG_PRINTF("Short read -- count = %i, cmd[1] = %i", count, cmd[1]);
         1284  +			CACKEY_DEBUG_PRINTF("Short read -- count = %i, cmd[1] = %i", (int) count, (int) cmd[1]);
  1277   1285   
  1278   1286   			break;
  1279   1287   		}
  1280   1288   	}
         1289  +
         1290  +#ifdef CACKEY_PARANOID
         1291  +#  ifdef _POSIX_SSIZE_MAX
         1292  +	if (offset > _POSIX_SSIZE_MAX) {
         1293  +		CACKEY_DEBUG_PRINTF("Offset exceeds maximum value, returning in failure. (max = %li, offset = %lu)", (long) _POSIX_SSIZE_MAX, (unsigned long) offset);
         1294  +
         1295  +		return(-1);
         1296  +	}
         1297  +#  endif
         1298  +#endif
  1281   1299   
  1282   1300   	CACKEY_DEBUG_PRINTF("Returning in success, read %lu bytes", (unsigned long) offset);
  1283   1301   
  1284   1302   	return(offset);
  1285   1303   }
  1286   1304   
  1287   1305   /*
................................................................................
  1868   1886   		cackey_end_transaction(slot);
  1869   1887   
  1870   1888   		return(-1);
  1871   1889   	}
  1872   1890   
  1873   1891   	/* End transaction */
  1874   1892   	cackey_end_transaction(slot);
         1893  +
         1894  +#ifdef CACKEY_PARANOID
         1895  +#  ifdef _POSIX_SSIZE_MAX
         1896  +	if (outbuflen > _POSIX_SSIZE_MAX) {
         1897  +		CACKEY_DEBUG_PRINTF("Outbuflen exceeds maximum value, returning in failure. (max = %li, outbuflen = %lu)", (long) _POSIX_SSIZE_MAX, (unsigned long) outbuflen);
         1898  +
         1899  +		return(-1);
         1900  +	}
         1901  +#  endif
         1902  +#endif
  1875   1903   
  1876   1904   	CACKEY_DEBUG_PRINTF("Returning in success.");
  1877   1905   
  1878   1906   	return(outbuflen);
  1879   1907   }
  1880   1908   
  1881   1909   /*
................................................................................
  2002   2030   	if (x509_read_ret <= 0) {
  2003   2031   		x509_read_ret = x509_dn_to_string(label_asn1, x509_read_ret, (char *) label_buf, label_buf_len, NULL);
  2004   2032   
  2005   2033   		if (x509_read_ret <= 0) {
  2006   2034   			return(-1);
  2007   2035   		}
  2008   2036   	}
         2037  +
         2038  +#ifdef CACKEY_PARANOID
         2039  +#  ifdef _POSIX_SSIZE_MAX
         2040  +	if (x509_read_ret > _POSIX_SSIZE_MAX) {
         2041  +		CACKEY_DEBUG_PRINTF("x509_read_ret exceeds maximum value, returning in failure. (max = %li, x509_read_ret = %lu)", (long) _POSIX_SSIZE_MAX, (unsigned long) x509_read_ret);
         2042  +
         2043  +		return(-1);
         2044  +	}
         2045  +#  endif
         2046  +#endif
  2009   2047   
  2010   2048   	return(x509_read_ret);
  2011   2049   }
  2012   2050   
  2013   2051   /* Returns 0 on success */
  2014   2052   static int cackey_mutex_create(void **mutex) {
  2015   2053   	pthread_mutex_t *pthread_mutex;