Comment: | Fixed issue with double-free when PC/SC connection manager is unavailable
Fixed issues found from splint(1) output |
SHA1: | c70fbcca604bcdd637194ea505741f9331d4f273 |
User & Date: | rkeene on 2010-05-17 05:09:46 |
Changes
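--- a/Makefile.in
+++ b/Makefile.in
@@ -38,15 +38,15 @@
 libcackey_g.@SHOBJEXT@: cackey_g.o asn1-x509_g.o
 	$(CC) $(SHOBJFLAGS) $(DEBUGCPPFLAGS) $(DEBUGCFLAGS) $(SHOBJLDFLAGS) $(LDFLAGS) -o libcackey_g.@SHOBJEXT@ cackey_g.o asn1-x509_g.o $(LIBS)
 
 test: test.c libcackey_g.@SHOBJEXT@
 	$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o test test.c -Wl,-R,. libcackey_g.@SHOBJEXT@
 
 splint-cackey.txt: cackey.c asn1-x509.c asn1-x509.h config.h
-	splint $(CPPFLAGS) -weak +posixlib -I/usr/include/PCSC -Ipkcs11 cackey.c > splint-cackey.txt
+	splint $(DEBUGCPPFLAGS) -DCACKEY_PARANOID=1 -weak +posixlib -I/usr/include/PCSC -Ipkcs11 cackey.c > splint-cackey.txt
 
 install: libcackey.@SHOBJEXT@
 	-mkdir "$(DESTDIR)$(libdir)"
 	cp "libcackey.@SHOBJEXT@" "$(DESTDIR)$(libdir)/"
 	-cp "libcackey_g.@SHOBJEXT@" "$(DESTDIR)$(libdir)/"
 
 clean: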
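Review bot: The splint target now preprocesses cackey.c with `$(DEBUGCPPFLAGS) -DCACKEY_PARANOID=1`, while the installed libcackey is built from `$(CPPFLAGS)` with no CACKEY_PARANOID, so the code splint examines is no longer the code that ships; the debug-only and paranoid-only branches are linted, but any construct that is active only in the release configuration is not. If the intent is to lint the widest configuration, a comment on the target saying so would help, e.g. `# Lint the debug + CACKEY_PARANOID configuration so the guarded checks are analysed too`; otherwise a second rule over `$(CPPFLAGS)` would cover the release build as well.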
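--- a/cackey.c
+++ b/cackey.c
@@ -22,14 +22,17 @@
 #endif
 #ifdef HAVE_STRING_H
 # include <string.h>
 #endif
 #ifdef HAVE_PTHREAD_H
 # include <pthread.h>
 #endif
+#ifdef HAVE_LIMITS_H
+# include <limits.h>
+#endif
 #ifdef HAVE_ZLIB_H
 # ifdef HAVE_LIBZ
 # include <zlib.h>
 # endif
 #else
 # ifdef HAVE_LIBZ
 # undef HAVE_LIBZ
@@ -693,14 +696,15 @@
 
 	CACKEY_DEBUG_PRINTF("SCardEstablishContext() called");
 	scard_est_context_ret = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, cackey_pcsc_handle);
 	if (scard_est_context_ret != SCARD_S_SUCCESS) {
 		CACKEY_DEBUG_PRINTF("Call to SCardEstablishContext failed (returned %s/%li), returning in failure", CACKEY_DEBUG_FUNC_SCARDERR_TO_STR(scard_est_context_ret), (long) scard_est_context_ret);
 
 		free(cackey_pcsc_handle);
+		cackey_pcsc_handle = NULL;
 
 		cackey_slots_disconnect_all();
 
 		return(CACKEY_PCSC_E_GENERIC);
 	}
 }
 
@@ -712,14 +716,15 @@
 
 	CACKEY_DEBUG_PRINTF("SCardEstablishContext() called");
 	scard_est_context_ret = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, cackey_pcsc_handle);
 	if (scard_est_context_ret != SCARD_S_SUCCESS) {
 		CACKEY_DEBUG_PRINTF("Call to SCardEstablishContext failed (returned %s/%li), returning in failure", CACKEY_DEBUG_FUNC_SCARDERR_TO_STR(scard_est_context_ret), (long) scard_est_context_ret);
 
 		free(cackey_pcsc_handle);
+		cackey_pcsc_handle = NULL;
 
 		cackey_slots_disconnect_all();
 
 		return(CACKEY_PCSC_E_GENERIC);
 	}
 
 	CACKEY_DEBUG_PRINTF("Handle has been re-established");
@@ -754,16 +759,19 @@
 
 	if (cackey_pcsc_handle == NULL) {
 		return(CACKEY_PCSC_S_OK);
 	}
 
 	scard_rel_context_ret = SCardReleaseContext(*cackey_pcsc_handle);
 
-	free(cackey_pcsc_handle);
-	cackey_pcsc_handle = NULL;
+	if (cackey_pcsc_handle) {
+		free(cackey_pcsc_handle);
+
+		cackey_pcsc_handle = NULL;
+	}
 
 	if (scard_rel_context_ret != SCARD_S_SUCCESS) {
 		return(CACKEY_PCSC_E_GENERIC);
 	}
 
 	return(CACKEY_PCSC_S_OK);
 }
@@ -1269,19 +1277,29 @@
 
 			return(-1);
 		}
 
 		offset += count;
 
 		if (count < max_count) {
-			CACKEY_DEBUG_PRINTF("Short read -- count = %i, cmd[1] = %i", count, cmd[1]);
+			CACKEY_DEBUG_PRINTF("Short read -- count = %i, cmd[1] = %i", (int) count, (int) cmd[1]);
 
 			break;
 		}
 	}
+
+#ifdef CACKEY_PARANOID
+# ifdef _POSIX_SSIZE_MAX
+	if (offset > _POSIX_SSIZE_MAX) {
+		CACKEY_DEBUG_PRINTF("Offset exceeds maximum value, returning in failure. (max = %li, offset = %lu)", (long) _POSIX_SSIZE_MAX, (unsigned long) offset);
+
+		return(-1);
+	}
+# endif
+#endif
 
 	CACKEY_DEBUG_PRINTF("Returning in success, read %lu bytes", (unsigned long) offset);
 
 	return(offset);
 }
 
 /*
@@ -1868,14 +1886,24 @@
 		cackey_end_transaction(slot);
 
 		return(-1);
 	}
 
 	/* End transaction */
 	cackey_end_transaction(slot);
+
+#ifdef CACKEY_PARANOID
+# ifdef _POSIX_SSIZE_MAX
+	if (outbuflen > _POSIX_SSIZE_MAX) {
+		CACKEY_DEBUG_PRINTF("Outbuflen exceeds maximum value, returning in failure. (max = %li, outbuflen = %lu)", (long) _POSIX_SSIZE_MAX, (unsigned long) outbuflen);
+
+		return(-1);
+	}
+# endif
+#endif
 
 	CACKEY_DEBUG_PRINTF("Returning in success.");
 
 	return(outbuflen);
 }
 
 /*
@@ -2002,14 +2030,24 @@
 	if (x509_read_ret <= 0) {
 		x509_read_ret = x509_dn_to_string(label_asn1, x509_read_ret, (char *) label_buf, label_buf_len, NULL);
 
 		if (x509_read_ret <= 0) {
 			return(-1);
 		}
 	}
+
+#ifdef CACKEY_PARANOID
+# ifdef _POSIX_SSIZE_MAX
+	if (x509_read_ret > _POSIX_SSIZE_MAX) {
+		CACKEY_DEBUG_PRINTF("x509_read_ret exceeds maximum value, returning in failure. (max = %li, x509_read_ret = %lu)", (long) _POSIX_SSIZE_MAX, (unsigned long) x509_read_ret);
+
+		return(-1);
+	}
+# endif
+#endif
 
 	return(x509_read_ret);
 }
 
 /* Returns 0 on success */
 static int cackey_mutex_create(void **mutex) {
 	pthread_mutex_t *pthread_mutex;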
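Review bot: The three new CACKEY_PARANOID guards compare `offset`, `outbuflen` and `x509_read_ret` against `_POSIX_SSIZE_MAX`, which <limits.h> defines as the POSIX minimum acceptable value for SSIZE_MAX (32767) rather than the implementation's actual limit, so with paranoid checks enabled any result larger than 32 KiB is rejected even though it fits in the ssize_t these functions appear to return. The constant that expresses "fits in ssize_t" is `SSIZE_MAX`, so the first guard should read `# ifdef SSIZE_MAX` / `if (offset > SSIZE_MAX) {` with the same substitution (and matching debug-message text) in the outbuflen and x509_read_ret blocks. In the release-context hunk, the added `if (cackey_pcsc_handle)` around `free()` can never be false, because the function already returned on a NULL handle and dereferenced it a few lines earlier; if it stays to quiet splint, a comment such as `/* redundant; present only so splint sees a guarded free */` would stop the next reader from hunting for a path that makes it reachable. All of the enclosing functions begin outside their hunks.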