Index: Makefile.in
==================================================================
--- Makefile.in
+++ Makefile.in
@@ -40,11 +40,11 @@
test: test.c libcackey_g.@SHOBJEXT@
$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o test test.c -Wl,-R,. libcackey_g.@SHOBJEXT@
splint-cackey.txt: cackey.c asn1-x509.c asn1-x509.h config.h
- splint $(CPPFLAGS) -weak +posixlib -I/usr/include/PCSC -Ipkcs11 cackey.c > splint-cackey.txt
+ splint $(DEBUGCPPFLAGS) -DCACKEY_PARANOID=1 -weak +posixlib -I/usr/include/PCSC -Ipkcs11 cackey.c > splint-cackey.txt
install: libcackey.@SHOBJEXT@
-mkdir "$(DESTDIR)$(libdir)"
cp "libcackey.@SHOBJEXT@" "$(DESTDIR)$(libdir)/"
-cp "libcackey_g.@SHOBJEXT@" "$(DESTDIR)$(libdir)/"
Index: cackey.c
==================================================================
--- cackey.c
+++ cackey.c
@@ -24,10 +24,13 @@
# include
#endif
#ifdef HAVE_PTHREAD_H
# include
#endif
+#ifdef HAVE_LIMITS_H
+# include
+#endif
#ifdef HAVE_ZLIB_H
# ifdef HAVE_LIBZ
# include
# endif
#else
@@ -695,10 +698,11 @@
scard_est_context_ret = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, cackey_pcsc_handle);
if (scard_est_context_ret != SCARD_S_SUCCESS) {
CACKEY_DEBUG_PRINTF("Call to SCardEstablishContext failed (returned %s/%li), returning in failure", CACKEY_DEBUG_FUNC_SCARDERR_TO_STR(scard_est_context_ret), (long) scard_est_context_ret);
free(cackey_pcsc_handle);
+ cackey_pcsc_handle = NULL;
cackey_slots_disconnect_all();
return(CACKEY_PCSC_E_GENERIC);
}
@@ -714,10 +718,11 @@
scard_est_context_ret = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, cackey_pcsc_handle);
if (scard_est_context_ret != SCARD_S_SUCCESS) {
CACKEY_DEBUG_PRINTF("Call to SCardEstablishContext failed (returned %s/%li), returning in failure", CACKEY_DEBUG_FUNC_SCARDERR_TO_STR(scard_est_context_ret), (long) scard_est_context_ret);
free(cackey_pcsc_handle);
+ cackey_pcsc_handle = NULL;
cackey_slots_disconnect_all();
return(CACKEY_PCSC_E_GENERIC);
}
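Review bot: The new `#ifdef HAVE_LIMITS_H` guard around the include makes every paranoid check this commit adds conditional on a configure result: when HAVE_LIMITS_H is not defined, `_POSIX_SSIZE_MAX` is never defined either, and each `# ifdef _POSIX_SSIZE_MAX` block added in the later hunks (the offset, outbuflen and x509_read_ret checks) silently compiles to nothing, so a CACKEY_PARANOID build can lose exactly the checks it was asked for. `<limits.h>` is a standard C header, so the guard could simply be dropped; if it stays, the later blocks should make the silent case visible, e.g. an `# else` branch with `# error CACKEY_PARANOID requires _POSIX_SSIZE_MAX`. Whether configure actually defines HAVE_LIMITS_H is outside this diff.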
@@ -756,12 +761,15 @@
return(CACKEY_PCSC_S_OK);
}
scard_rel_context_ret = SCardReleaseContext(*cackey_pcsc_handle);
- free(cackey_pcsc_handle);
- cackey_pcsc_handle = NULL;
+ if (cackey_pcsc_handle) {
+ free(cackey_pcsc_handle);
+
+ cackey_pcsc_handle = NULL;
+ }
if (scard_rel_context_ret != SCARD_S_SUCCESS) {
return(CACKEY_PCSC_E_GENERIC);
}
@@ -1271,15 +1279,25 @@
}
offset += count;
if (count < max_count) {
- CACKEY_DEBUG_PRINTF("Short read -- count = %i, cmd[1] = %i", count, cmd[1]);
+ CACKEY_DEBUG_PRINTF("Short read -- count = %i, cmd[1] = %i", (int) count, (int) cmd[1]);
break;
}
}
+
+#ifdef CACKEY_PARANOID
+# ifdef _POSIX_SSIZE_MAX
+ if (offset > _POSIX_SSIZE_MAX) {
+ CACKEY_DEBUG_PRINTF("Offset exceeds maximum value, returning in failure. (max = %li, offset = %lu)", (long) _POSIX_SSIZE_MAX, (unsigned long) offset);
+
+ return(-1);
+ }
+# endif
+#endif
CACKEY_DEBUG_PRINTF("Returning in success, read %lu bytes", (unsigned long) offset);
return(offset);
}
@@ -1870,10 +1888,20 @@
return(-1);
}
/* End transaction */
cackey_end_transaction(slot);
+
+#ifdef CACKEY_PARANOID
+# ifdef _POSIX_SSIZE_MAX
+ if (outbuflen > _POSIX_SSIZE_MAX) {
+ CACKEY_DEBUG_PRINTF("Outbuflen exceeds maximum value, returning in failure. (max = %li, outbuflen = %lu)", (long) _POSIX_SSIZE_MAX, (unsigned long) outbuflen);
+
+ return(-1);
+ }
+# endif
+#endif
CACKEY_DEBUG_PRINTF("Returning in success.");
return(outbuflen);
}
@@ -2004,10 +2032,20 @@
if (x509_read_ret <= 0) {
return(-1);
}
}
+
+#ifdef CACKEY_PARANOID
+# ifdef _POSIX_SSIZE_MAX
+ if (x509_read_ret > _POSIX_SSIZE_MAX) {
+ CACKEY_DEBUG_PRINTF("x509_read_ret exceeds maximum value, returning in failure. (max = %li, x509_read_ret = %lu)", (long) _POSIX_SSIZE_MAX, (unsigned long) x509_read_ret);
+
+ return(-1);
+ }
+# endif
+#endif
return(x509_read_ret);
}
/* Returns 0 on success */
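Review bot: The new `if (cackey_pcsc_handle)` guard comes after `SCardReleaseContext(*cackey_pcsc_handle)` has already dereferenced the pointer two lines above, so it cannot protect the NULL case it tests for: if the handle can be NULL here the fault happens before the guard, and if it cannot, `free(NULL)` is a no-op and the guard is dead code. Either hoist the NULL test above the `SCardReleaseContext` call (the early `return(CACKEY_PCSC_S_OK)` at the top of the hunk presumably already covers an unset handle, but that condition is outside the hunk) or keep the two unconditional lines the commit removes. The enclosing function begins outside the hunk.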
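Review bot: The paranoid bound `if (offset > _POSIX_SSIZE_MAX)` compares against the POSIX-mandated minimum for SSIZE_MAX (32767), not the platform's actual `ssize_t` limit, so with CACKEY_PARANOID any read longer than 32767 bytes is reported as failure even though it fits the return type on every common platform; the bound that matches the intent is `SSIZE_MAX` from `<limits.h>`, i.e. `if (offset > SSIZE_MAX) {` with the format argument adjusted, keeping `_POSIX_SSIZE_MAX` at most as a fallback when `SSIZE_MAX` is unavailable. The same comparison is repeated for `outbuflen` in the @@ -1870 hunk and for `x509_read_ret` in the @@ -2004 hunk; in the latter `x509_read_ret` has just passed a `<= 0` test, so it is already a signed value (presumably from an `ssize_t`-returning call) and the new check can only reject large valid results, not prevent an overflow. The return type of the enclosing function, which decides whether any of these checks is needed, is outside the hunk.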