Backport from minidriver: 11788a4a36bf83a01104700f171774336086e9b4

commit 11788a4a36bf83a01104700f171774336086e9b4
Author: Dave Pate <dpate@yubico.com>
Date:   Tue Jul 18 18:28:48 2017 -0700

    Fixes #114 - jump to cleanup section in ykpiv_util_write_mscmap on invalid size
Trevor Bentley
2017-08-07 15:34:45 +02:00
parent 16d0a519c4
commit 06f2e777ba
+10 -7
@@ -239,7 +239,7 @@ ykpiv_rc ykpiv_util_list_keys(ykpiv_state *state, uint8_t *key_count, ykpiv_key
const uint8_t SLOTS[] = {
YKPIV_KEY_AUTHENTICATION,
YKPIV_KEY_SIGNATURE,
YKPIV_KEY_KEYMGM,
YKPIV_KEY_KEYMGM,
YKPIV_KEY_RETIRED1,
YKPIV_KEY_RETIRED2,
YKPIV_KEY_RETIRED3,
@@ -298,8 +298,8 @@ ykpiv_rc ykpiv_util_list_keys(ykpiv_state *state, uint8_t *key_count, ykpiv_key
cbData += cbRealloc;
// If ykpiv_key is misaligned or results in padding, this causes problems
// in the array we return. If this becomes a problem, we'll probably want
// If ykpiv_key is misaligned or results in padding, this causes problems
// in the array we return. If this becomes a problem, we'll probably want
// to go with a flat byte array.
pKey = (ykpiv_key*)(pData + offset);
@@ -452,7 +452,7 @@ ykpiv_rc ykpiv_util_write_mscmap(ykpiv_state *state, ykpiv_container *containers
// we intend to delete the object
if ((NULL == containers) || (0 == n_containers)) {
// if either containers or n_containers are non-zero, return an error,
// if either containers or n_containers are non-zero, return an error,
// that we only delete strictly when both are set properly
if ((NULL != containers) || (0 != n_containers)) {
res = YKPIV_GENERIC_ERROR;
@@ -469,7 +469,10 @@ ykpiv_rc ykpiv_util_write_mscmap(ykpiv_state *state, ykpiv_container *containers
// calculate the required length of the encoded object
req_len = 1 /* data tag */ + _ykpiv_set_length(buf, data_len) + data_len;
if (req_len > _obj_size_max(state)) return YKPIV_SIZE_ERROR;
if (req_len > _obj_size_max(state)) {
res = YKPIV_SIZE_ERROR;
goto Cleanup;
}
buf[offset++] = TAG_MSCMAP;
offset += _ykpiv_set_length(buf + offset, data_len);
@@ -592,7 +595,7 @@ ykpiv_rc ykpiv_util_write_msroots(ykpiv_state *state, uint8_t *data, size_t data
// we intend to delete the object
if ((NULL == data) || (0 == data_len)) {
// if either data or data_len are non-zero, return an error,
// if either data or data_len are non-zero, return an error,
// that we only delete strictly when both are set properly
if ((NULL != data) || (0 != data_len)) {
res = YKPIV_GENERIC_ERROR;
@@ -955,7 +958,7 @@ static ykpiv_rc _write_certificate(ykpiv_state *state, uint8_t slot, uint8_t *da
// check if data or data_len are zero, this means that we intend to delete the object
if ((NULL == data) || (0 == data_len)) {
// if either data or data_len are non-zero, return an error,
// if either data or data_len are non-zero, return an error,
// that we only delete strictly when both are set properly
if ((NULL != data) || (0 != data_len)) {
return YKPIV_GENERIC_ERROR;
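Review bot: In the `ykpiv_util_write_mscmap` hunk, the new size check still trusts `req_len`, which is the sum `1 + _ykpiv_set_length(buf, data_len) + data_len`; if `data_len` (computed outside the hunk, presumably from `n_containers`) is close to the maximum of its type, the sum can wrap to a small value and pass the check before the encoding into `buf` continues. Bounding `data_len` first closes that gap, e.g. `if (data_len > _obj_size_max(state) || req_len > _obj_size_max(state)) {`. A short comment on the new branch, such as `// leave through Cleanup so the function's common exit path always runs`, would also record why a direct return is wrong here. The function body and the `Cleanup` label lie outside the hunk, so what the label releases cannot be confirmed from this page; the direct `return YKPIV_GENERIC_ERROR;` in the `_write_certificate` hunk is worth checking against the same rule.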