commit eab4d17866bb457dd86d067b304294e9f6671d52 Author: Frank Morgner Date: Wed Jun 4 00:52:13 2025 +0200 fixed Stack-buffer-overflow WRITE fixes https://issues.oss-fuzz.com/issues/421520684 Index: opensc-0.26.1/src/libopensc/card-oberthur.c =================================================================== --- opensc-0.26.1.orig/src/libopensc/card-oberthur.c +++ opensc-0.26.1/src/libopensc/card-oberthur.c @@ -228,7 +228,7 @@ auth_init(struct sc_card *card) card->caps |= SC_CARD_CAP_RNG; card->caps |= SC_CARD_CAP_USE_FCI_AC; - if (auth_select_aid(card)) { + if (auth_select_aid(card)) { sc_log(card->ctx, "Failed to initialize %s", card->name); rv = SC_ERROR_INVALID_CARD; LOG_TEST_GOTO_ERR(card->ctx, SC_ERROR_INVALID_CARD, "Failed to initialize"); @@ -259,7 +259,7 @@ static void add_acl_entry(struct sc_card *card, struct sc_file *file, unsigned int op, unsigned char acl_byte) { - if ((acl_byte & 0xE0) == 0x60) { + if ((acl_byte & 0xE0) == 0x60) { sc_log(card->ctx, "called; op 0x%X; SC_AC_PRO; ref 0x%X", op, acl_byte); sc_file_add_acl_entry(file, op, SC_AC_PRO, acl_byte); return; @@ -353,7 +353,7 @@ auth_process_fci(struct sc_card *card, s file->size = PUBKEY_1024_ASN1_SIZE; else if (file->size==2048) file->size = PUBKEY_2048_ASN1_SIZE; - else { + else { sc_log(card->ctx, "Not supported public key size: %"SC_FORMAT_LEN_SIZE_T"u", file->size); @@ -392,8 +392,7 @@ auth_process_fci(struct sc_card *card, s add_acl_entry(card, file, SC_AC_OP_PIN_CHANGE, attr[5]); add_acl_entry(card, file, SC_AC_OP_PIN_RESET, attr[6]); sc_log(card->ctx, "SC_FILE_TYPE_DF:CRYPTO %X", attr[1]); - } - else if (file->type == SC_FILE_TYPE_INTERNAL_EF) { /* EF */ + } else if (file->type == SC_FILE_TYPE_INTERNAL_EF) { /* EF */ switch (file->ef_structure) { case SC_CARDCTL_OBERTHUR_KEY_DES: add_acl_entry(card, file, SC_AC_OP_UPDATE, attr[0]); @@ -417,8 +416,7 @@ auth_process_fci(struct sc_card *card, s add_acl_entry(card, file, SC_AC_OP_INTERNAL_AUTHENTICATE, attr[5]); break; } - } - else { + } else { switch (file->ef_structure) { case SC_FILE_EF_TRANSPARENT: add_acl_entry(card, file, SC_AC_OP_WRITE, attr[0]); @@ -467,7 +465,7 @@ auth_select_file(struct sc_card *card, c sc_log(card->ctx, "current file; type=%d, path=%s", auth_current_ef->path.type, sc_print_path(&auth_current_ef->path)); - if (path.type == SC_PATH_TYPE_PARENT || path.type == SC_PATH_TYPE_FILE_ID) { + if (path.type == SC_PATH_TYPE_PARENT || path.type == SC_PATH_TYPE_FILE_ID) { sc_file_free(auth_current_ef); auth_current_ef = NULL; @@ -476,7 +474,7 @@ auth_select_file(struct sc_card *card, c if (!tmp_file) return SC_ERROR_OBJECT_NOT_FOUND; - if (path.type == SC_PATH_TYPE_PARENT) { + if (path.type == SC_PATH_TYPE_PARENT) { memcpy(&tmp_file->path, &auth_current_df->path, sizeof(struct sc_path)); if (tmp_file->path.len > 2) tmp_file->path.len -= 2; @@ -484,16 +482,14 @@ auth_select_file(struct sc_card *card, c sc_file_free(auth_current_df); auth_current_df = NULL; sc_file_dup(&auth_current_df, tmp_file); - } - else { - if (tmp_file->type == SC_FILE_TYPE_DF) { + } else { + if (tmp_file->type == SC_FILE_TYPE_DF) { sc_concatenate_path(&tmp_file->path, &auth_current_df->path, &path); sc_file_free(auth_current_df); auth_current_df = NULL; sc_file_dup(&auth_current_df, tmp_file); - } - else { + } else { sc_file_free(auth_current_ef); auth_current_ef = NULL; @@ -507,28 +503,26 @@ auth_select_file(struct sc_card *card, c } sc_file_free(tmp_file); - } - else if (path.type == SC_PATH_TYPE_DF_NAME) { + } else if (path.type == SC_PATH_TYPE_DF_NAME) { rv = iso_ops->select_file(card, &path, NULL); - if (rv) { + if (rv) { sc_file_free(auth_current_ef); auth_current_ef = NULL; } LOG_TEST_RET(card->ctx, rv, "select file failed"); - } - else { + } else { for (offs = 0; offs < path.len && offs < auth_current_df->path.len; offs += 2) if (path.value[offs] != auth_current_df->path.value[offs] || path.value[offs + 1] != auth_current_df->path.value[offs + 1]) break; sc_log(card->ctx, "offs %"SC_FORMAT_LEN_SIZE_T"u", offs); - if (offs && offs < auth_current_df->path.len) { + if (offs && offs < auth_current_df->path.len) { size_t deep = auth_current_df->path.len - offs; sc_log(card->ctx, "deep %"SC_FORMAT_LEN_SIZE_T"u", deep); - for (ii=0; iipath, sizeof(struct sc_path)); @@ -544,14 +538,14 @@ auth_select_file(struct sc_card *card, c } } - if (path.len > offs) { + if (path.len > offs) { struct sc_path tmp_path; memset(&tmp_path, 0, sizeof(struct sc_path)); tmp_path.type = SC_PATH_TYPE_FILE_ID; tmp_path.len = 2; - for (ii=0; ii < path.len - offs; ii+=2) { + for (ii = 0; ii < path.len - offs; ii += 2) { memcpy(tmp_path.value, path.value + offs + ii, 2); if (file_out) { @@ -562,8 +556,7 @@ auth_select_file(struct sc_card *card, c rv = auth_select_file(card, &tmp_path, file_out); LOG_TEST_RET(card->ctx, rv, "select file failed"); } - } - else if (path.len - offs == 0 && file_out) { + } else if (path.len - offs == 0 && file_out) { if (sc_compare_path(&path, &auth_current_df->path) && file_out) { sc_file_free(*file_out); sc_file_dup(file_out, auth_current_df); @@ -603,7 +596,7 @@ auth_list_files(struct sc_card *card, un if (apdu.resplen == 0x100 && rbuf[0]==0 && rbuf[1]==0) LOG_FUNC_RETURN(card->ctx, 0); - buflen = buflen < apdu.resplen ? buflen : apdu.resplen; + buflen = MIN(buflen, apdu.resplen); memcpy(buf, rbuf, buflen); LOG_FUNC_RETURN(card->ctx, (int)buflen); @@ -626,12 +619,12 @@ auth_delete_file(struct sc_card *card, c sc_log(card->ctx, "path; type=%d, path=%s", path->type, pbuf); - if (path->len < 2) { + if (path->len < 2) { sc_log(card->ctx, "Invalid path length"); LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS); } - if (path->len > 2) { + if (path->len > 2) { struct sc_path parent = *path; parent.len -= 2; @@ -654,7 +647,7 @@ auth_delete_file(struct sc_card *card, c rv = sc_transmit_apdu(card, &apdu); LOG_TEST_RET(card->ctx, rv, "APDU transmit failed"); - if (apdu.sw1==0x6A && apdu.sw2==0x82) { + if (apdu.sw1 == 0x6A && apdu.sw2 == 0x82) { /* Clean up tDF contents.*/ struct sc_path tmp_path; int ii, len; @@ -670,7 +663,7 @@ auth_delete_file(struct sc_card *card, c len = auth_list_files(card, lbuf, sizeof(lbuf)); LOG_TEST_RET(card->ctx, len, "list DF failed"); - for (ii=0; iitype == SC_FILE_TYPE_DF) { + if (file->type == SC_FILE_TYPE_DF) { p[4] = 0x38; p[5] = 0x00; - } - else if (file->type == SC_FILE_TYPE_WORKING_EF) { + } else if (file->type == SC_FILE_TYPE_WORKING_EF) { switch (file->ef_structure) { case SC_FILE_EF_TRANSPARENT: p[4] = 0x01; @@ -772,8 +764,7 @@ encode_file_structure_V5(struct sc_card rv = SC_ERROR_INVALID_ARGUMENTS; break; } - } - else if (file->type == SC_FILE_TYPE_INTERNAL_EF) { + } else if (file->type == SC_FILE_TYPE_INTERNAL_EF) { switch (file->ef_structure) { case SC_CARDCTL_OBERTHUR_KEY_DES: p[4] = 0x11; @@ -791,11 +782,10 @@ encode_file_structure_V5(struct sc_card rv = -1; break; } - } - else + } else rv = SC_ERROR_INVALID_ARGUMENTS; - if (rv) { + if (rv) { sc_log(card->ctx, "Invalid EF structure 0x%X/0x%X", file->type, file->ef_structure); LOG_FUNC_RETURN(card->ctx, SC_ERROR_INCORRECT_PARAMETERS); } @@ -810,11 +800,10 @@ encode_file_structure_V5(struct sc_card size = file->size; - if (file->type == SC_FILE_TYPE_DF) { + if (file->type == SC_FILE_TYPE_DF) { size &= 0xFF; - } - else if (file->type == SC_FILE_TYPE_INTERNAL_EF && - file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC) { + } else if (file->type == SC_FILE_TYPE_INTERNAL_EF && + file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC) { sc_log(card->ctx, "ef %s","SC_FILE_EF_RSA_PUBLIC"); if (file->size == PUBKEY_512_ASN1_SIZE || file->size == 512) size = 512; @@ -822,22 +811,21 @@ encode_file_structure_V5(struct sc_card size = 1024; else if (file->size == PUBKEY_2048_ASN1_SIZE || file->size == 2048) size = 2048; - else { + else { sc_log(card->ctx, "incorrect RSA size %"SC_FORMAT_LEN_SIZE_T"X", file->size); LOG_FUNC_RETURN(card->ctx, SC_ERROR_INCORRECT_PARAMETERS); } - } - else if (file->type == SC_FILE_TYPE_INTERNAL_EF && - file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_DES) { + } else if (file->type == SC_FILE_TYPE_INTERNAL_EF && + file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_DES) { if (file->size == 8 || file->size == 64) size = 64; else if (file->size == 16 || file->size == 128) size = 128; else if (file->size == 24 || file->size == 192) size = 192; - else { + else { sc_log(card->ctx, "incorrect DES size %"SC_FORMAT_LEN_SIZE_T"u", file->size); @@ -859,25 +847,22 @@ encode_file_structure_V5(struct sc_card ops[4] = SC_AC_OP_PIN_DEFINE; ops[5] = SC_AC_OP_PIN_CHANGE; ops[6] = SC_AC_OP_PIN_RESET; - } - else if (file->type == SC_FILE_TYPE_WORKING_EF) { - if (file->ef_structure == SC_FILE_EF_TRANSPARENT) { + } else if (file->type == SC_FILE_TYPE_WORKING_EF) { + if (file->ef_structure == SC_FILE_EF_TRANSPARENT) { sc_log(card->ctx, "SC_FILE_EF_TRANSPARENT"); ops[0] = SC_AC_OP_WRITE; ops[1] = SC_AC_OP_UPDATE; ops[2] = SC_AC_OP_READ; ops[3] = SC_AC_OP_ERASE; - } - else if (file->ef_structure == SC_FILE_EF_LINEAR_VARIABLE) { + } else if (file->ef_structure == SC_FILE_EF_LINEAR_VARIABLE) { sc_log(card->ctx, "SC_FILE_EF_LINEAR_VARIABLE"); ops[0] = SC_AC_OP_WRITE; ops[1] = SC_AC_OP_UPDATE; ops[2] = SC_AC_OP_READ; ops[3] = SC_AC_OP_ERASE; } - } - else if (file->type == SC_FILE_TYPE_INTERNAL_EF) { - if (file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_DES) { + } else if (file->type == SC_FILE_TYPE_INTERNAL_EF) { + if (file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_DES) { sc_log(card->ctx, "EF_DES"); ops[0] = SC_AC_OP_UPDATE; ops[1] = SC_AC_OP_PSO_DECRYPT; @@ -886,15 +871,13 @@ encode_file_structure_V5(struct sc_card ops[4] = SC_AC_OP_PSO_VERIFY_CHECKSUM; ops[5] = SC_AC_OP_INTERNAL_AUTHENTICATE; ops[6] = SC_AC_OP_EXTERNAL_AUTHENTICATE; - } - else if (file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC) { + } else if (file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC) { sc_log(card->ctx, "EF_RSA_PUBLIC"); ops[0] = SC_AC_OP_UPDATE; ops[2] = SC_AC_OP_PSO_ENCRYPT; ops[4] = SC_AC_OP_PSO_VERIFY_SIGNATURE; ops[6] = SC_AC_OP_EXTERNAL_AUTHENTICATE; - } - else if (file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_CRT) { + } else if (file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_CRT) { sc_log(card->ctx, "EF_RSA_PRIVATE"); ops[0] = SC_AC_OP_UPDATE; ops[1] = SC_AC_OP_PSO_DECRYPT; @@ -949,12 +932,12 @@ auth_create_file(struct sc_card *card, s if (rv != SC_SUCCESS) pbuf[0] = '\0'; - if (file->path.len) { + if (file->path.len) { memcpy(&path, &file->path, sizeof(path)); if (path.len>2) path.len -= 2; - if (auth_select_file(card, &path, NULL)) { + if (auth_select_file(card, &path, NULL)) { sc_log(card->ctx, "Cannot select parent DF."); LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS); } @@ -979,7 +962,7 @@ auth_create_file(struct sc_card *card, s LOG_TEST_RET(card->ctx, rv, "Card returned error"); /* select created DF. */ - if (file->type == SC_FILE_TYPE_DF) { + if (file->type == SC_FILE_TYPE_DF) { struct sc_path tmp_path; struct sc_file *df_file = NULL; @@ -1029,20 +1012,19 @@ auth_set_security_env(struct sc_card *ca if (!(env->flags & SC_SEC_ENV_FILE_REF_PRESENT)) LOG_TEST_RET(card->ctx, SC_ERROR_INTERNAL, "Key file is not selected."); - switch (env->algorithm) { + switch (env->algorithm) { case SC_ALGORITHM_DES: case SC_ALGORITHM_3DES: sc_log(card->ctx, "algo SC_ALGORITHM_xDES: ref %lX, flags %lX", env->algorithm_ref, env->flags); - if (env->operation == SC_SEC_OPERATION_DECIPHER) { + if (env->operation == SC_SEC_OPERATION_DECIPHER) { sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0x41, 0xB8); apdu.lc = 3; apdu.data = des_sbuf; apdu.datalen = 3; - } - else { + } else { sc_log(card->ctx, "Invalid crypto operation: %X", env->operation); LOG_TEST_RET(card->ctx, SC_ERROR_NOT_SUPPORTED, "Invalid crypto operation"); } @@ -1054,28 +1036,26 @@ auth_set_security_env(struct sc_card *ca LOG_TEST_RET(card->ctx, SC_ERROR_NOT_SUPPORTED, "No support for hashes."); } - if (pads & (~supported_pads)) { + if (pads & (~supported_pads)) { sc_log(card->ctx, "No support for PAD %lX", pads); LOG_TEST_RET(card->ctx, SC_ERROR_NOT_SUPPORTED, "No padding support."); } - if (env->operation == SC_SEC_OPERATION_SIGN) { + if (env->operation == SC_SEC_OPERATION_SIGN) { rsa_sbuf[2] = 0x11; sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0x41, 0xB6); apdu.lc = sizeof(rsa_sbuf); apdu.datalen = sizeof(rsa_sbuf); apdu.data = rsa_sbuf; - } - else if (env->operation == SC_SEC_OPERATION_DECIPHER) { + } else if (env->operation == SC_SEC_OPERATION_DECIPHER) { rsa_sbuf[2] = 0x11; sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0x41, 0xB8); apdu.lc = sizeof(rsa_sbuf); apdu.datalen = sizeof(rsa_sbuf); apdu.data = rsa_sbuf; - } - else { + } else { sc_log(card->ctx, "Invalid crypto operation: %X", env->operation); LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED); } @@ -1111,10 +1091,9 @@ auth_compute_signature(struct sc_card *c unsigned char resp[SC_MAX_APDU_BUFFER_SIZE]; int rv; - if (!card || !in || !out) { + if (!card || !in || !out) { return SC_ERROR_INVALID_ARGUMENTS; - } - else if (ilen > 96) { + } else if (ilen > 96) { sc_log(card->ctx, "Illegal input length %"SC_FORMAT_LEN_SIZE_T"u", ilen); @@ -1130,16 +1109,16 @@ auth_compute_signature(struct sc_card *c apdu.datalen = ilen; apdu.data = in; apdu.lc = ilen; - apdu.le = olen > 256 ? 256 : olen; + apdu.le = MIN(olen, SC_MAX_APDU_RESP_SIZE); apdu.resp = resp; - apdu.resplen = olen; + apdu.resplen = SC_MAX_APDU_BUFFER_SIZE; rv = sc_transmit_apdu(card, &apdu); LOG_TEST_RET(card->ctx, rv, "APDU transmit failed"); rv = sc_check_sw(card, apdu.sw1, apdu.sw2); LOG_TEST_RET(card->ctx, rv, "Compute signature failed"); - if (apdu.resplen > olen) { + if (apdu.resplen > olen) { sc_log(card->ctx, "Compute signature failed: invalid response length %"SC_FORMAT_LEN_SIZE_T"u", apdu.resplen); @@ -1171,20 +1150,20 @@ auth_decipher(struct sc_card *card, cons sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x2A, 0x80, 0x86); sc_log(card->ctx, "algorithm SC_ALGORITHM_RSA"); - if (inlen % 64) { + if (inlen % 64) { rv = SC_ERROR_INVALID_ARGUMENTS; goto done; } _inlen = inlen; - if (_inlen == 256) { + if (_inlen == SC_MAX_APDU_RESP_SIZE) { apdu.cla |= 0x10; apdu.data = in; apdu.datalen = 8; apdu.resp = resp; apdu.resplen = SC_MAX_APDU_BUFFER_SIZE; apdu.lc = 8; - apdu.le = 256; + apdu.le = SC_MAX_APDU_RESP_SIZE; rv = sc_transmit_apdu(card, &apdu); sc_log(card->ctx, "rv %i", rv); @@ -1262,7 +1241,7 @@ auth_generate_key(struct sc_card *card, LOG_FUNC_CALLED(card->ctx); if (data->key_bits < 512 || data->key_bits > 2048 || - (data->key_bits%0x20)!=0) { + (data->key_bits % 0x20) != 0) { LOG_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS, "Illegal key length"); } @@ -1270,7 +1249,7 @@ auth_generate_key(struct sc_card *card, sbuf[1] = data->id_pub & 0xFF; sbuf[2] = (data->id_prv >> 8) & 0xFF; sbuf[3] = data->id_prv & 0xFF; - if (data->exponent != 0x10001) { + if (data->exponent != 0x10001) { rv = auth_encode_exponent(data->exponent, &sbuf[5],SC_MAX_APDU_BUFFER_SIZE-6); LOG_TEST_RET(card->ctx, rv, "Cannot encode exponent"); @@ -1308,7 +1287,7 @@ auth_generate_key(struct sc_card *card, apdu.resplen = rv; - if (data->pubkey) { + if (data->pubkey) { if (data->pubkey_len < apdu.resplen) { rv = SC_ERROR_INVALID_ARGUMENTS; LOG_TEST_GOTO_ERR(card->ctx, rv, "invalid length received"); @@ -1352,7 +1331,7 @@ auth_update_component(struct sc_card *ca memcpy(sbuf + len, args->data, args->len); len += args->len; - if (args->type == SC_CARDCTL_OBERTHUR_KEY_DES) { + if (args->type == SC_CARDCTL_OBERTHUR_KEY_DES) { int outl; const unsigned char in[8] = {0,0,0,0,0,0,0,0}; unsigned char out[8]; @@ -1390,8 +1369,7 @@ auth_update_component(struct sc_card *ca sbuf[len++] = 0x03; memcpy(sbuf + len, out, 3); len += 3; - } - else { + } else { sbuf[len++] = 0; } @@ -1400,7 +1378,7 @@ auth_update_component(struct sc_card *ca apdu.data = sbuf; apdu.datalen = len; apdu.lc = len; - if (args->len == 0x100) { + if (args->len == 0x100) { sbuf[0] = args->type; sbuf[1] = 0x20; memcpy(sbuf + 2, args->data, 0x20); @@ -1441,7 +1419,7 @@ auth_update_key(struct sc_card *card, st if (info->data_len != sizeof(void *) || !info->data) LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS); - if (info->type == SC_CARDCTL_OBERTHUR_KEY_RSA_CRT) { + if (info->type == SC_CARDCTL_OBERTHUR_KEY_RSA_CRT) { struct sc_pkcs15_prkey_rsa *rsa = (struct sc_pkcs15_prkey_rsa *)info->data; struct sc_pkcs15_bignum bn[5]; @@ -1451,7 +1429,7 @@ auth_update_key(struct sc_card *card, st bn[2] = rsa->iqmp; bn[3] = rsa->dmp1; bn[4] = rsa->dmq1; - for (ii=0;ii<5;ii++) { + for (ii = 0; ii < 5; ii++) { struct auth_update_component_info args; memset(&args, 0, sizeof(args)); @@ -1463,11 +1441,9 @@ auth_update_key(struct sc_card *card, st rv = auth_update_component(card, &args); LOG_TEST_RET(card->ctx, rv, "Update RSA component failed"); } - } - else if (info->type == SC_CARDCTL_OBERTHUR_KEY_DES) { + } else if (info->type == SC_CARDCTL_OBERTHUR_KEY_DES) { rv = SC_ERROR_NOT_SUPPORTED; - } - else { + } else { rv = SC_ERROR_INVALID_DATA; } @@ -1508,7 +1484,7 @@ auth_read_component(struct sc_card *card { struct sc_apdu apdu; int rv; - unsigned char resp[256]; + unsigned char resp[SC_MAX_APDU_RESP_SIZE]; LOG_FUNC_CALLED(card->ctx); sc_log(card->ctx, "num %i, outlen %"SC_FORMAT_LEN_SIZE_T"u, type %i", @@ -1569,11 +1545,10 @@ auth_init_pin_info(struct sc_card *card, pin->pad_char = 0xFF; pin->encoding = SC_PIN_ENCODING_ASCII; - if (type == OBERTHUR_AUTH_TYPE_PIN) { + if (type == OBERTHUR_AUTH_TYPE_PIN) { pin->max_length = OBERTHUR_AUTH_MAX_LENGTH_PIN; pin->pad_length = OBERTHUR_AUTH_MAX_LENGTH_PIN; - } - else { + } else { pin->max_length = OBERTHUR_AUTH_MAX_LENGTH_PUK; pin->pad_length = OBERTHUR_AUTH_MAX_LENGTH_PUK; } @@ -1693,7 +1668,7 @@ auth_pin_is_verified(struct sc_card *car *tries_left = apdu.sw2 & 0x0F; /* Replace 'no tries left' with 'auth method blocked' */ - if (apdu.sw1 == 0x63 && apdu.sw2 == 0xC0) { + if (apdu.sw1 == 0x63 && apdu.sw2 == 0xC0) { apdu.sw1 = 0x69; apdu.sw2 = 0x83; } @@ -1770,7 +1745,7 @@ auth_pin_change(struct sc_card *card, un LOG_FUNC_CALLED(card->ctx); - if (data->pin1.len && data->pin2.len) { + if (data->pin1.len && data->pin2.len) { /* Direct unblock style */ data->flags |= SC_PIN_CMD_NEED_PADDING; data->flags &= ~SC_PIN_CMD_USE_PINPAD; @@ -1783,13 +1758,11 @@ auth_pin_change(struct sc_card *card, un rv = iso_drv->ops->pin_cmd(card, data, tries_left); LOG_TEST_RET(card->ctx, rv, "CMD 'PIN CHANGE' failed"); - } - else if (!data->pin1.len && !data->pin2.len) { + } else if (!data->pin1.len && !data->pin2.len) { /* Oberthur unblock style with PIN pad. */ rv = auth_pin_change_pinpad(card, data, tries_left); LOG_TEST_RET(card->ctx, rv, "'PIN CHANGE' failed: SOPIN verify with pinpad failed"); - } - else { + } else { LOG_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS, "'PIN CHANGE' failed"); } @@ -1855,7 +1828,7 @@ auth_pin_reset_oberthur_style(struct sc_ pin_cmd.pin1.data = ffs1; pin_cmd.pin1.len = OBERTHUR_AUTH_MAX_LENGTH_PUK; - if (data->pin2.data) { + if (data->pin2.data) { memcpy(&pin_cmd.pin2, &data->pin2, sizeof(pin_cmd.pin2)); rv = auth_pin_reset(card, SC_AC_CHV, &pin_cmd, tries_left); LOG_FUNC_RETURN(card->ctx, rv); @@ -1990,7 +1963,7 @@ auth_create_reference_data (struct sc_ca len += pin_info.pad_length; sc_log(card->ctx, "len %i", len); - if (args->puk && args->puk_len) { + if (args->puk && args->puk_len) { sbuf[len++] = args->puk_tries; sbuf[len++] = args->puk_len / puk_info.pad_length; sc_log(card->ctx, "len %i", len); @@ -2021,7 +1994,7 @@ auth_logout(struct sc_card *card) int ii, rv = 0, pin_ref; int reset_flag = 0x20; - for (ii=0; ii < 4; ii++) { + for (ii = 0; ii < 4; ii++) { rv = auth_get_pin_reference (card, SC_AC_CHV, ii+1, SC_PIN_CMD_UNBLOCK, &pin_ref); LOG_TEST_RET(card->ctx, rv, "Cannot get PIN reference"); @@ -2030,7 +2003,6 @@ auth_logout(struct sc_card *card) apdu.p2 = pin_ref | reset_flag; rv = sc_transmit_apdu(card, &apdu); LOG_TEST_RET(card->ctx, rv, "APDU transmit failed"); - } LOG_FUNC_RETURN(card->ctx, rv); @@ -2058,7 +2030,7 @@ write_publickey (struct sc_card *card, u memcpy(rsa_der + offset, buf, len); rsa_der_len = offset + len; - if (rsa_der[0]==0x30) { + if (rsa_der[0] == 0x30) { if (rsa_der[1] & 0x80) for (ii=0; ii < (rsa_der[1]&0x0F); ii++) der_size = der_size*0x100 + rsa_der[2+ii]; @@ -2114,12 +2086,11 @@ auth_update_binary(struct sc_card *card, if (offset & ~0x7FFF) LOG_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS, "Invalid file offset"); - if (auth_current_ef->magic==SC_FILE_MAGIC && - auth_current_ef->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC) { + if (auth_current_ef->magic == SC_FILE_MAGIC && + auth_current_ef->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC) { rv = write_publickey(card, offset, buf, count); - } - else if (auth_current_ef->magic==SC_FILE_MAGIC && - auth_current_ef->ef_structure == SC_CARDCTL_OBERTHUR_KEY_DES) { + } else if (auth_current_ef->magic == SC_FILE_MAGIC && + auth_current_ef->ef_structure == SC_CARDCTL_OBERTHUR_KEY_DES) { struct auth_update_component_info args; memset(&args, 0, sizeof(args)); @@ -2127,8 +2098,7 @@ auth_update_binary(struct sc_card *card, args.data = (unsigned char *)buf; args.len = count; rv = auth_update_component(card, &args); - } - else { + } else { rv = iso_ops->update_binary(card, offset, buf, count, 0); } @@ -2161,10 +2131,10 @@ auth_read_binary(struct sc_card *card, u if (offset & ~0x7FFF) LOG_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS, "Invalid file offset"); - if (auth_current_ef->magic==SC_FILE_MAGIC && - auth_current_ef->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC) { + if (auth_current_ef->magic == SC_FILE_MAGIC && + auth_current_ef->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC) { int jj; - unsigned char resp[256]; + unsigned char resp[SC_MAX_APDU_RESP_SIZE]; size_t resp_len, out_len; struct sc_pkcs15_pubkey_rsa key; @@ -2216,8 +2186,7 @@ auth_read_binary(struct sc_card *card, u sc_log_hex(card->ctx, "write_publickey", buf, sz); rv = (int)sz; } - } - else { + } else { rv = iso_ops->read_binary(card, offset, buf, count, 0); } @@ -2250,14 +2219,16 @@ auth_read_record(struct sc_card *card, u if (flags & SC_RECORD_BY_REC_NR) apdu.p2 |= 0x04; - apdu.le = count; - apdu.resplen = count; + apdu.le = MIN(count, SC_MAX_APDU_BUFFER_SIZE); + apdu.resplen = SC_MAX_APDU_BUFFER_SIZE; apdu.resp = recvbuf; rv = sc_transmit_apdu(card, &apdu); LOG_TEST_RET(card->ctx, rv, "APDU transmit failed"); if (apdu.resplen == 0) LOG_FUNC_RETURN(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2)); + if (count < apdu.resplen) + LOG_FUNC_RETURN(card->ctx, SC_ERROR_WRONG_LENGTH); memcpy(buf, recvbuf, apdu.resplen); rv = sc_check_sw(card, apdu.sw1, apdu.sw2); @@ -2315,8 +2286,8 @@ auth_check_sw(struct sc_card *card, unsi { int ii; - for (ii=0; auth_warnings[ii].SWs; ii++) { - if (auth_warnings[ii].SWs == ((sw1 << 8) | sw2)) { + for (ii = 0; auth_warnings[ii].SWs; ii++) { + if (auth_warnings[ii].SWs == ((sw1 << 8) | sw2)) { sc_log(card->ctx, "%s", auth_warnings[ii].errorstr); return auth_warnings[ii].errorno; }