Menu
▾
▴
Re: [Opensc-devel] Preventing malformed ODFs causing segfaults.
|
From: Douglas E E. <dee...@gm...> - 2015-06-02 16:42:17
|
On 6/2/2015 10:32 AM, Dirk-Willem van Gulik wrote: > We seem to be a bit trusting of the cruft which can be on a card; found I needed below to stop naughty cards > from causing segfaults (and hence locking subsequent users out of their desktops (a bit of fragility outside OpenSC)). > > Just wondering - is this sort of thing common (and should I scan most of the code for this) — or have i found a rare case ? It depends. The part of OpenSC that tries to determine the type of card, would be more likely to run into "naughty cards" or cards that don't follow all the standards or cards that have not been initialized as expected. Cards that may have worked with older versions of OpenSC, may not work with newer versions, as newer code may not have been tested against the older cards For example There are cards that emulate PKCS#15 and newer code added to OpenSC for example the sc_enum_apps() may not be emulated correctly. For example the ODF in older code does not need to be emulated. Not clear if it does now. Older versions of cards that may have worked before. But newer versions of the card or the files on new cards are not the same as before because the card issuer changed something. Can you say what cards caused these problems? > > Dw. > > https://github.com/OpenSC/OpenSC/commit/1061b5ded0edbc6a1f2cb4fd599b7c950ffe18ff > > src/libopensc/dir.c > @@ -149,6 +149,10 @@ int sc_enum_apps(sc_card_t *card) > r = sc_select_file(card, &path, &card->ef_dir); > LOG_TEST_RET(ctx, r, "Cannot select EF.DIR file"); > > + if (card->ef_dir == NULL) { > + LOG_TEST_RET(ctx, SC_ERROR_INVALID_CARD, "EF(DIR) nonexistant."); > + } > + > if (card->ef_dir->type != SC_FILE_TYPE_WORKING_EF) { > sc_file_free(card->ef_dir); > card->ef_dir = NULL; > > src/libopensc/pkcs15.c > @@ -1044,6 +1044,10 @@ sc_pkcs15_bind_internal(struct sc_pkcs15_card *p15card, struct sc_aid *aid) > sc_log(ctx, "Cannot make absolute path to EF(ODF); error:%i", err); > goto end; > } > + if (p15card->file_odf == NULL) { > + sc_log(ctx, "After making absolute path to EF(ODF) still no odf."); > + goto end; > + } > sc_log(ctx, "absolute path to EF(ODF) %s", sc_print_path(&tmppath)); > err = sc_select_file(card, &tmppath, &p15card->file_odf); > } > @@ -1059,6 +1063,8 @@ sc_pkcs15_bind_internal(struct sc_pkcs15_card *p15card, struct sc_aid *aid) > goto end; > } > > + assert(p15card->file_odf); > + > len = p15card->file_odf->size; > if (!len) { > sc_log(ctx, "EF(ODF) is empty”); > > > > ------------------------------------------------------------------------------ > _______________________________________________ > Opensc-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/opensc-devel > -- Douglas E. Engert <DEE...@gm...> |
